Threat Mobile Application Architecture, writing homework help

User Generated

xrrzl2017

Writing

Description

As you aware, protecting cyberspace from the ever-evolving threats requires a collection of tools and mechanisms. Some of these include penetration testing, threat modeling, and strategies for automated tests to reveal vulnerabilities. Threat modeling is performed to identify, analyze, and mitigate security risks to systems and applications. In this project, you will create a threat model for a mobile application. There are seven steps in this project. You will describe your mobile application architecture and its requirements, identify threats and methods of attacks on mobile applications, and then the controls to prevent attacks. Use the attached template to complete the threat model report

Unformatted Attachment Preview

As you aware, protecting cyberspace from the ever-evolving threats requires a collection of tools and mechanisms. Some of these include penetration testing, threat modeling, and strategies for automated tests to reveal vulnerabilities. Threat modeling is performed to identify, analyze, and mitigate security risks to systems and applications. In this project, you will create a threat model for a mobile application. There are seven steps in this project. You will describe your mobile application architecture and its requirements, identify threats and methods of attacks on mobile applications, and then the controls to prevent attacks. Use the attached template to complete the threat model report Threat Model CST 620 [name] [date] 2 INTRODUCTION [write an introduction of what the paper is about] MOBILE APPLICATION ARCHITECTURE [Describe the architecture of your mobile application. Integrate step1 description of mobile application architecture as it relates to your application] REQUIREMENTS [Define the requirements for your mobile application. Integrate step 2 requirements for your mobile application.] 3 THREATS AND THREAT AGENTS [Describe the possible threats and agents to your mobile application. Integrate step 3 description of threats and threat agents to help define these issues that could affect the application.] METHODS OF ATTACKS [Describe the methods of attacks that could affect your mobile application. Integrate step 4 methods of attacks to better prepare your description.] ANALYSIS OF THREATS [Prepare an analysis of the threats to your mobile application. Integrate step 5 analysis of mobile application threats to help you create this section of your report.] 4 CONTROLS [Describe the controls one can use to protect your mobile application. Integrate step 6 controls to prepare your controls section.] CONCLUSION [Discuss the main points from the paper and bring our important facts to help sell your ideas to the reader.] 5 REFERENCES [create a list of all references use in paper and IAW APA style format] Hakeem Oladapo Project 3 Feedback 40 Performance does not meet expectations. Your report does not adequately address most of the project requirements. Specific details are discussed below. Step 1: You should have identified a specific mobile application architecture and use that as the basis for addressing the subsequent steps. The diagram on page is not a mobile application architecture, but it could be part of such an architecture. https://msdn.microsoft.com/en-us/library/ee658108.aspx You might want to use Apache Cordova: https://www.toptal.com/mobile/developing-mobile-applications-with-apachecordova Step 2: You need to define the purpose of the mobile application from a business perspective, and address the other requirements as indicated under step 2 in LEO. Step 3: There are more threats and threat agents than the ones you discussed. Examples of human interaction threat agents include, app store approvers, internal employees, malicious developers, the owner of the device, a stolen device user or a common Wi-Fi network user. Malware on the device, malicious apps, malicious sms and scripts that execute at the browser are all examples of automated programs threat agents. Step 4: You discussed some of them but there are more. Think about cyber-attacks and include them. Step 5: Identify threat agents and ways they may try to attack your mobile application. Present the lab results for the six .pcap when examined with Wireshark (screenshots). Step 5: The Excel spreadsheet should be completed and included (attached). Step 6: Controls are required to prevent attacks, detect attacks, mitigate/minimize impact of attack, privacy controls, and mapping of controls to each specific attack. JSHint, FxCop, OCLint and Android SDK’s linting/hinting tools provide dynamic code analysis. Microsoft Intune offers solutions that can detect malware and also report rooted or jailbroken devices. Anomalous activity can be detected through Azure Active Directory Identity Protection. Brute force attacks and compromised logins can be detected by the ADAL Cordova plugin or Azure Mobile Apps. Transparent data encryption, monitoring and notification, threat detection and auditing SQL servers for SQL databases and virtual machines are also provided by Azure Security Center. Controls to mitigate the impact of an attack include implementing a Content Security Policy (CSP), being specific with the whitelist, adding checks on the server side, using check SSL and SSL URLs, load resources and JavaScript locally and using InAppBrowser. Also, if there is an untrusted URL that needs to be loaded, it would be best to use InAppBrowser. Writing is accurate in diction, spelling, and punctuation. You cited creditable reference sources according to APA format. Use more sources.
Purchase answer to see full attachment
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

Hello again. Attached are the extra file- screenshots and the excel file for the lab output. Thanks.

Threat Model
CST 620

[Name]

[Date]

1

2

INTRODUCTION
Protecting cyberspace from the ever-evolving threats requires a collection of tools and
mechanisms. Some of these cyberspace protection mechanisms include penetration testing, threat
modeling, and strategies for automated tests to reveal vulnerabilities. Threat modeling is
performed to identify, analyze, and mitigate security risks to systems and applications. Mobile
applications have become an integral part of today's everyday life, it's hard to believe how the
platform has really grown. It's remarkable how quickly the technology has been adopted by both
enterprises and individuals alike. This growth comes along with security threats that may result
in far-reaching implications if not dealt with. In this project, the proponent will create a threat
model for Apache Cordova mobile application. The proponent will complete the project in steps
which are; firstly, is the description of Apache Cordova architecture and its requirements,
identify threats and methods of attacks on Apache Cordova, and then the controls to prevent
attacks and lastly prepare a complete threat model report.
MOBILE APPLICATION ARCHITECTURE
Apache Cordova is an open-source framework for mobile development. It enables one to
use web technologies - HTML5, JavaScript, and CSS3 for development across the standard
existing platforms. Applications run within wrappers targeted specifically to each one platform,
and it relies on standards-compliant Application Programme Interface(APIs) bindings to have
access to capabilities of each device such as application data, network status, and sensors
(Cordova, 2015).
Apache Cordova is used when


One wants to extend an application to cover more than one platform, without having to
implement it again with the new platform's tool set and language.



One wants to build a web app that is to be deployed to different app store portals.



One is interested in enabling the combination of native application components with
a browser window- Web View, that is able to access device-level APIs, or when one
wants to build a plugin interface between Web View and native devices.

3

Architecture

Figure -1 High-level architecture of Cordova Apache

REQUIREMENTS
Essentially, Cordova has no limitations in regard to applications natively developed.
Cordova is simply a JavaScript API, which serves as a container for native code and is consistent
across all other devices. It can be considered as an application container with a web view that
covers the entire screen of the mobile device. Cordova uses a web view that is similar to that of
native operating systems. For instance, on Android it is android.webkit, on iOS this is the
Objective-C UI class Web View.
Apache Cordova also is packaged with a set of pre-developed plugins which provides
access to the mobile’s file system, GPS, camera, etc. As mobile devices evolve, today, adding an
interface for adding new hardware is just a matter of developing a new plugin.
Lastly, Cordova applications are installed just like other native applications. This means
that an IPA file will be produced when building an application for iOS, APK file for Android,
and an XAP file for Windows Phone products. So if someone puts enough effort to develop an

4

application using Cordova, users may even fail to realize that they are not using a native
operating system.

Figure -0-2 Apache development workflow

Plugins are also one of an integral part of the Cordova system. The plugins provide an
interface for native components and Cordova can interact with each other and bounds them to
standard device APIs. This enables users to invoke the native code straight from JavaScript.
Cordova maintains some plugins called the Core Plugins. These plugins provide
applications access to functionalities like a battery, camera, contacts, etc.
Additionally, there are a number of third-party plugins providing additional bindings to
features which may or may not be available on all platforms. Plugins are necessary, for instance,
for communication custom native components and Cordova.
Cordova can be developed following two basic paths:


To develop a mobile application targeting a specific platform, then a platform centered
workflow is recommended. In this case, you will able to tweak and modify the
application at a lower level and combining Cordova components with native components.
This method can prove to be too long and tedious when developing a cross-platform
targeting application.



To develop an application targeting more than one platform having little or even no
development that is platform specific, the cross-platform workflow is recommended.
Cordova has a tool supporting this workflow and is called Cordova Command-line
Interface (CLI). It is a high-level abstraction for building and configuring your

5

application to be able to operate on different platforms. This is the most popular method
of application development.
Cross platform development is usually recommended to start with then you can switch to
platform centered development because it is fairly straightforward to shift. However, starting
with platform-centered development will not allow you to shift to cross-centered development
why? During the building process, the Cordova Command will overwrite any customizations
made (PETKOVSKI, 2014).

THREATS AND THREAT AGENTS
Apache Cordova as discussed before is an open-source framework for mobile
development. Now, before going into specific threats and threat agents, the proponent will
highlight what are the probable areas the application might be attacked. The questions to be
answered are, what are the assets worth protecting? And what would be the impact to Cordova
businesswise if compromised? The assets and potential impacts are discussed as below
(Kesäniemi, 2014).










Data. This application has pre-prepared code and databases upon which the users can use
to build mobile applications, therefore, any unauthorized modification of the code and
database may adversely affect the working efficiency of the application.
Money, privacy, and credentials. Remember this application can be used develop any
other mobile application. Therefore, Cordova should have a mechanism to enable high
security of applications developed on it especially including banking, clouding or
messaging applications that require high-level privacy and security of the transaction.
IPR, innovations, and algorithms. Some threats will be targeting to either imitate, copy or
have access to the source code of Apache Cordova. Cordova developer will have to
develop a mechanism(s) to avert this.
Reputation, customer experience. Some threat will be just intended to frustrate the user,
for example, virus to slow the application down or just to include a bug to the developed
application. This kind of threat will spoil not only the otherwise good reputation of
Cordova but also customer experience.
Processes. This is threats that essentially change the working of Cordova to do functions
not initially designed to perform.

Now the proponent will identify threats that can affect Apache Cordova system and
compromise its assets. Following are the potential threats to Cordova. The attacks will be
categorized into three (J.D. Meier, 2010),
Network Threats
These are threats that results from the flow of data packets, network topology, together
with routers, switch configurations and firewall because this application will mostly be using the
network. Again the virtual private network (VPN) endpoints are also to be monitored. The
threats may be:-

6


On the security mechanisms used relying on the IP address of the sending party because
it is easier to send or use IP packets with deceitful source IP addresses.



Passing session cookies or identifiers over network channels that are not encrypted. This
leaves the IP session vulnerable to hijacking.



Passing of sensitive or text authentication that is clear credentials data over unencrypted
channels of communication. This allows an attacker to monitor activities of the network
and can easily obtain credentials for log into the platform, or obtain and tamper with
information items that may sensitive to the Cordova application.

Host threats
Here, it is also ideally fit for spotting vulnerabilities, identifying threats and reviewing
security. Configuration categories that apply to all server roles including that of Apache Cordova
include patches and updates, protocols, accounts, files and directories, shares, ports, spotting
vulnerabilities, and auditing, logging, and services. For each category the identified threats are;


Using unpatched servers. These servers are vulnerable to viruses’ attacks, well-known IIS
attacks, Trojan horses, and worms.



Maintaining non-essential services, ports, and protocols. As they increase the attack
tendency of the Apache Cordova because attackers are able to gather information about
the network and use it to their advantage.



Allowing for unauthenticated and anonymous access. This might be the attackers. When
the Apache is online it can be modified to alter customer satisfaction as said earlier.



Lastly, use of weak passwords and also account policies that leave the system vulnerable
to identity spoofing, hacking or password cracking and eventually leading to a denial of
service attacks when the users can be locked out intentionally. Such things are not be
expected with Apache Cordova.

Application(Cordova Apache) Threats
In the previous sections, the proponent defined the architecture and flow of data of Apache
Cordova. Cordova also has a security profile that shows the application will be dealing with core
areas, that include authorization, configuration management, authentication and other areas. The
following are the technology-specific threats, application threats and code threats to Apache
Cordova.


Use of poor input validation potentially leading to SQL injection, cross-site scripting
(XSS), and buffer overflow attacks corrupting the core database of Cordova.



Use of weak account and password policies, which can potentially lead to access that is
not authorized especially by the users.



Passing authentication cookies or authentication credentials or even over the unencrypted
network. This has a probability that can lead to session hijacking or credential capture.

7

This will mainly apply when the internet is used though Cordova is most of the time
offline.


Failure to give security to the configuration management dimensions of Cordova,
especially the administration interfaces. This might lead to corruption or distortion of the
whole application.



Keeping configuration sensitive information, such as connection character and service
account credentials, in the just clear text.



Use of service accounts and over-privileged process, therefore, altering the application at
any level.



Use not secure data access coding techniques. This way, the threat posed by SQL
injection is increased.



Use of custom or weak encryption this will fail to effectively secure encryption keys.



Trusting the integrity of variables that are passed from the Web browser, for instance,
query strings, cookie data form fields and HTTP headers.



Use of exception handling techniques that are not secure. That leads to the exposure of
system-level parameter that is useful to a malicious personnel and even denial of service
attacks and.



Inadequate logging and auditing leading to repudiation threats.

METHODS OF ATTACKS
Cordova Apache might be having some vulnerabilities, which attackers might want to
exploit for their own gain. The following are the methods of attack Cordova is likely to face
Network exploitations


As stated in the previous sections, Cordova is vulnerable to attack through the network,
attackers may take advantage of the network weakness or flawlessness of web browser
used by a user to on mobile device especially in Wi-Fi network to unsuspecting users of
Cordova.



In addition, malicious code or data may be sent by hackers from malicious websites
towards a user of Cordova. When the user goes to the malicious page, the malicious code
takes over control and gets sensitive data or corrupts the victim’s application in terms of
efficiency or even effectiveness.

Social engineering

8



Attackers in most cases use hyped contents. This content attracts victims, they are
manipulated or even persuaded into revealing information that is rather confidential
through deception and lies, for example, phishing for the purpose of obtaining access
rights, fraud or information gathering.

Malware


Sometimes legitimate code hosts Viruses, spread worms that are replicable, or even
Trojan horses in purpose can come into action. This can happen especially when the
device hosting Cordova is not well protected. This can dot Cordova reputation, especially
to ignorant users.

Misuse available resource and service


Denial of service or Email or SMS spamming. Sometimes groups or a group of attacking
devices send a lot of data to one target through the Internet to impact the services offered
by Cordova. But with proper policies in place, this can be averted.

Enterprise or private Loss of Data


Sometimes the mobile device might be stolen or lost. In this case, Cordova should have
mechanisms to allow the user to recover the data or application that is built in. Again, the
data on a mobile application may be uploaded to a personal computer while for example
synchronizing of entertainment. All this might lead to Enterprise or private data loss.

Data tamper


Sometimes, malicious people might intentionally change or corrupt Cordova data without
permission from the user/owner in such cases the working of the designed application
may be affected.

ANALYSIS OF THREATS
Threats to Cordova will be analyzed in three sections using the Microsoft DREAD threat
risk analyzing the model. The technique will be used to analyze each of three aforementioned
attack threats.
Analysis of network threats.
An attack through the network will affect Cordova in the following way


Damage. A malicious attacker may access the application but the authentication details
may prevent him from manipulating the application. So the damage will only be limited
to applications used by the user and so customer trustworthy may diminish especially
among ignorant users.

9






Reproducibility. The threat is not easily reproducible. Since it can be easily be discovered
and actions were taken.
Affected user. This attack will only affect the user of the network. So very few will be
affected.
Exploitability. Cordova will not be exploited in this attack unless the attacker also cracks
the user’s authentication details.
Discoverability. This kind of threat can easily be found.

Analysis of Host threats.
Attacks on the hosting device will affect Cordova as follows.








Damage. Cordova core function will not be damaged but the application developed on it
might be manipulated or even changed. The user may be affected such he/she will have to
debug the developed application or start afresh.
Reproducibility. This kind of attacks can be reproduced since it will only involve hacking
user password and name or pattern or any other authentication mechanism that there be
once attacked the authentication details will have to change.
Exploitability. The attack can be used to obtain sensitive information on the mobile
device, for example, documents. But will not much affect Apache Cordova.
Affected users. This attack only affects a single user. The application installed on that
particular device will be the only one affected.
Discoverability. This kind of attack is also common and the attacker can easily discover
any vulnerability.

Analysis of threats to the application
This is the most serious attack to the Apache Cordova if and when it happens because much will
be at stake. This attack will affect Cordova as follows.







Damage. The damage will be ten over ten. Since the attacker can virtually do anything to
the application. He can copy the algorithms and the IPR, manipulate the core programs,
install malware for future attacks or just disable it.
Reproducibility. This kind of attack is difficult to reproduce given the security level
Cordova has.
Exploitability. This attack can be exploited to cause the gravest damage to the
application, its users and subsequent applications developed on Cordova platform.
Affected users. This attack will affect a single user. But when it happens the situation will
be investigated and all other applications updated appropriately to prevent further attacks.
Discoverability. This attack is difficult to be discovered. Apache Cordova has built-in
security mechanisms to prevent this kind of attack.

Apache Cordova mobile application threats can be analyzed, in summary, using the tree diagram
below from (OWASP, 2013)

10

Figure -3 use and misuse case graph for authentication

From the figure, you realize that the malicious user can pose a threat when he forces his way
through authentication gates. However, in Cordova, Harwest valid user accounts and dictionary
attacks are prevented by ensuring users use a password and names that are up to standard, that is,
they are of appropriate length and complexity.

11

CONTROLS
The purpose of controls is to determine if there is a protective measure, for example,
security control and policy measures in place that can avert each threat identified in the previous
section(s) and threat analysis from happening. Controls will be presented by mentioning the
threat type and highlighting specific possible countermeasures. Note that the Microsoft STRIDE
of identifying threats has been used here.










Spoofing identity threat.
Countermeasures include
• Appropriate authentication. This will include the local network users and the
application users. This will help avoid unauthorized access. For example,
Cordova Controls which network requests (XHR, images etc.) are allowed to be
made through its native hooks.
• Don't store secrets. Users are encouraged not store secrets on the mobile since
once it has been attacked, sensitive information may leak.
• Protect secret data. Secret data will are protected will the highest level of security
policies in place.
Tampering with data.
Countermeasures include;• Appropriate authorization.
• Hashes
• Tamper resistant protocols. For example, Cordova uses controls which URLs the
Web View itself can be navigated to. Applies to top-level navigations only.
• Digital signatures
Repudiation
Countermeasure include
• Digital signatures
• Audit trails.
• Timestamps.
Information Disclosure
Countermeasures include
• Authorization
• Privacy-enhanced protocols
• Don't store secrets
• Encryption
• Protect secrets
Denial of Service
Countermeasures include
• Appropriate authentication
• Throttling.
• Quality of service.
• Appropriate authorization

12



• Filtering
Elevation of privilege; to control this we make sure users run Run with least privilege

CONCLUSION
Several penetration tests of mobile applications have been done today and the results show
that whilst the majority of the people understand and focus more on the limitations relating to
mobile applications, very little number of people take time to actually think about security
implications of this technology. Limitations such as the operating system, limited screen size,
and limitations of virtual keyboard system take more attention, security and privacy is often an
afterthought, rife with loopholes that can plainly be seen during a threat assessment.
In this project, in the quest to model the threat analysis of Apache Cordova; the whole
project report can be summarized into three main areas






Decomposition the Application. Here the proponent was interested in gaining an
understanding of Cordova and the ways in which it interacts with external entities i.e. the
phone and the native operating system. This involved understanding the architecture of
the application and data flow of the application. This helped in understanding how the
application is used, therefore identifying entry points to shed light on where an attacker
could likely interact with Apache Cordova.
Determine threats and threat agents. STRIDE was used to define threat categories which
were later grouped into three; Network, host and application threats. The threats can be
put into categories such as authentication, authorization, data Validation, auditing and
Logging, data Protection both in Storage, Transit and Configuration Management and
exception management. The goal here was to help identify threats from the attacker’s
perspective and mechanisms to defend the system.
Determining controls, countermeasures, and mitigation. Once threats are assigned in
terms of the level of risks that is they are sort from the lowest to the highest risk, the
mitigation efforts are prioritized. Risk mitigation strategy might also involve evaluating
the identified threats from the business point of view, the impact they likely to pose and
therefore reducing the risk
After all the steps are taken the resulting document is the threat model for the application.

Attached are the packet capture screenshots of an analysis I have done on my own network
and the excel sheet attached is the output.

13

REFERENCES

Cordova. (2015, 8 27). Cordova. Retrieved from Cordova Apache Overview:
https://cordova.apache.org/docs/en/latest/guide/overview/
J.D. Meier, A. M. (2010, June). Threat Modeling. Retrieved from Microsoft Developer Network
documentation: https://msdn.microsoft.com/en-us/library/ff648644.aspx
Kesäniemi, A. (2014). The OWASP Foundation. Mobile Application Threat Analysis, 16.
OWASP. (2013, June). OWASP. Retrieved from Application Threat Modeling:
https://www.owasp.org/index.php/Application_Threat_Modeling
PETKOVSKI, F. (2014). Apache Cordova Tutorial: Developing Mobile Applications with
Cordova. Retrieved from Toptal Top Mobile app developers:
https://www.toptal.com/mobile/developing-mobile-applications-with-apache-cordova


"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","216.58.204.142","192.168.43.150","QUIC","78","Payload (Encrypted), PKN: 8"
"2","0.038984","216.58.204.142","192.168.43.150","QUIC","69","Payload (Encrypted), PKN: 9"
"3","7.186396","52.2.29.109","192.168.43.150","TCP","242","8888 > 49666 [PSH, ACK] Seq=1 Ack=1 Win=239 Len=188"
"4","7.186631","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=1 Ack=189 Win=252 Len=0"
"5","7.697516","192.168.43.150","52.2.29.109","TCP","90","49666 > 8888 [PSH, ACK] Seq=1 Ack=189 Win=252 Len=36"
"6","8.607408","192.168.43.150","52.2.29.109","TCP","90","[TCP
in=252 Len=36"
Retransmission] 49666 > 8888 [PSH, ACK] Seq=1 Ack=189
"7","9.308126","52.2.29.109","192.168.43.150","TCP","242","[TCP
Ack=1 Win=239 Len=188"
Spurious Retransmission] 8888 > 49666 [PSH, ACK] Seq=1
"8","9.308336","192.168.43.150","52.2.29.109","TCP","66","[TCP
Len=0 SLE=1 SRE=189"
Dup ACK 4#1] 49666 > 8888 [ACK] Seq=37 Ack=189 Win=2
"9","9.616755","52.2.29.109","192.168.43.150","TCP","242","8888 > 49666 [PSH, ACK] Seq=189 Ack=1 Win=239 Len=188"
"10","9.617043","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=37 Ack=377 Win=257 Len=0"
"11","9.621506","52.2.29.109","192.168.43.150","TCP","86","8888 > 49666 [PSH, ACK] Seq=377 Ack=37 Win=239 Len=32"
"12","9.621788","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=37 Ack=409 Win=256 Len=0"
"13","9.622108","52.2.29.109","192.168.43.150","TCP","66","[TCP
9 Len=0 SLE=1 SRE=37"
Dup ACK 11#1] 8888 > 49666 [ACK] Seq=409 Ack=37 Win
"14","21.379133","192.168.43.150","34.202.72.69","TCP","55","[TCP segment of a reassembled PDU]"
"15","23.382532","192.168.43.150","111.221.29.83","TLSv1.2","171","Application Data"
"16","23.453781","34.202.72.69","192.168.43.150","TCP","66","443 > 49743 [ACK] Seq=1 Ack=2 Win=170 Len=0 SLE=1 SRE=
"17","24.121743","192.168.43.150","111.221.29.83","TCP","171","[TCP
Win=257 Len=117"
Retransmission] 49785 > 443 [PSH, ACK] Seq=1 Ack=
"18","25.481687","192.168.43.150","111.221.29.83","TCP","171","[TCP
Win=257 Len=117"
Retransmission] 49785 > 443 [PSH, ACK] Seq=1 Ack=
"19","26.143687","192.168.43.150","130.211.8.148","TCP","55","[TCP segment of a reassembled PDU]"
"20","26.310939","130.211.8.148","192.168.43.150","TCP","66","443 > 49758 [ACK] Seq=1 Ack=2 Win=324 Len=0 SLE=1 SRE
"21","26.385517","34.202.72.69","192.168.43.150","TLSv1.2","283","Application Data"
"22","26.385743","192.168.43.150","34.202.72.69","TCP","54","49743 > 443 [ACK] Seq=2 Ack=230 Win=252 Len=0"
"23","27.404280","192.168.43.150","34.202.72.69","TLSv1.2","1032","Application Data"
"24","27.825526","34.202.72.69","192.168.43.150","TCP","54","443 > 49743 [ACK] Seq=230 Ack=980 Win=178 Len=0"
"25","28.196740","192.168.43.150","111.221.29.83","TCP","171","[TCP
Win=257 Len=117"
Retransmission] 49785 > 443 [PSH, ACK] Seq=1 Ack=
"26","28.697743","192.168.43.150","52.207.16.100","TLSv1.2","330","Application Data"
"27","28.702430","192.168.43.150","192.168.43.1","DNS","89","Standard query 0x0881 A nexus-websocket-b.intercom.io"
"28","28.760582","192.168.43.1","192.168.43.150","DNS","286","Standard
m.io CNAME nexus-websocket-b-577134565.us-east-1.elb.amazonaws.com
query response
A 54.87.171.148
0x0881 A nexus-websocket-b.int
A 52.4.26.128 A 34.1
"29","28.763985","192.168.43.150","54.87.171.148","TCP","66","49801
ACK_PERM=1"
> 443 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS
"30","28.952069","192.168.43.150","54.87.171.148","TCP","66","49802
ACK_PERM=1"
> 443 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS
"31","28.986440","52.207.16.100","192.168.43.150","TLSv1.2","339","Application Data"
"32","28.986730","192.168.43.150","52.207.16.100","TCP","54","49674 > 443 [ACK] Seq=277 Ack=286 Win=252 Len=0"
"33","29.049992","54.87.171.148","192.168.43.150","TCP","58","443
400"
> 49801 [SYN, ACK] Seq=0 Ack=1 Win=26883 Len=0 M
"34","29.050377","192.168.43.150","54.87.171.148","TCP","54","49801 > 443 [ACK] Seq=1 Ack=1 Win=64400 Len=0"
"35","29.055376","192.168.43.150","54.87.171.148","TLSv1.2","299","Client Hello"
"36","29.236290","54.87.171.148","192.168.43.150","TCP","66","443
400 SACK_PERM=1 WS=256"
> 49802 [SYN, ACK] Seq=0 Ack=1 Win=26883 Len=0 M
"37","29.236702","192.168.43.150","54.87.171.148","TCP","54","49802 > 443 [ACK] Seq=1 Ack=1 Win=65792 Len=0"
"38","29.377466","54.87.171.148","192.168.43.150","TCP","54","443 > 49801 [ACK] Seq=1 Ack=246 Win=26800 Len=0"
"39","29.768573","54.87.171.148","192.168.43.150","TCP","1354","443
P segment of a reassembled PDU]"
> 49801 [ACK] Seq=1 Ack=246 Win=26800 Len=130
"40","29.768830","192.168.43.150","54.87.171.148","TCP","54","49801 > 443 [ACK] Seq=246 Ack=1301 Win=63100 Len=0"
"41","29.845349","54.87.171.148","192.168.43.150","TCP","1354","443
[TCP segment of a reassembled PDU]"
> 49801 [ACK] Seq=1301 Ack=246 Win=26800 Len=
"42","29.845568","192.168.43.150","54.87.171.148","TCP","54","49801 > 443 [ACK] Seq=246 Ack=2601 Win=64400 Len=0"
"43","29.851509","54.87.171.148","192.168.43.150","TLSv1.2","1336","Server
er Hello Done"
Hello, Certificate, Server Key Exchange, Serv
"44","29.851731","192.168.43.150","54.87.171.148","TCP","54","49801 > 443 [ACK] Seq=246 Ack=3883 Win=63118 Len=0"
"45","29.864990","192.168.43.150","54.87.171.148","TLSv1.2","180","Client
ndshake Message"
Key Exchange, Change Cipher Spec, Encrypted H
"46","30.175672","54.87.171.148","192.168.43.150","TCP","54","443 > 49801 [ACK] Seq=3883 Ack=372 Win=26800 Len=0"

"47","30.915709","192.168.43.150","111.221.29.83","TCP","171","[TCP
Win=257 Len=117"
Retransmission] 49785 > 443 [PSH, ACK] Seq=1 Ack=
"48","32.019650","54.87.171.148","192.168.43.150","TLSv1.2","105","Change Cipher Spec, Encrypted Handshake Message"
"49","32.019785","192.168.43.150","54.87.171.148","TCP","54","49801 > 443 [ACK] Seq=372 Ack=3934 Win=63067 Len=0"
"50","32.516351","52.2.29.109","192.168.43.150","TCP","242","8888 > 49666 [PSH, ACK] Seq=409 Ack=37 Win=239 Len=18
"51","32.516625","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=37 Ack=597 Win=256 Len=0"
"52","33.637775","192.168.43.150","111.221.29.83","TCP","171","[TCP
Win=257 Len=117"
Retransmission] 49785 > 443 [PSH, ACK] Seq=1 Ack=
"53","33.813936","52.207.16.100","192.168.43.150","TLSv1.2","86","Application Data"
"54","33.814101","192.168.43.150","52.207.16.100","TCP","54","49674 > 443 [ACK] Seq=277 Ack=318 Win=252 Len=0"
"55","34.695176","192.168.43.150","52.2.29.109","TCP","90","49666 > 8888 [PSH, ACK] Seq=37 Ack=597 Win=256 Len=36"
"56","34.974848","52.2.29.109","192.168.43.150","TCP","54","8888 > 49666 [ACK] Seq=597 Ack=73 Win=239 Len=0"
"57","34.975280","52.2.29.109","192.168.43.150","TCP","86","8888 > 49666 [PSH, ACK] Seq=597 Ack=73 Win=239 Len=32"
"58","34.975512","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=73 Ack=629 Win=256 Len=0"
"59","35.521933","192.168.43.150","95.183.2.66","TCP","66","49803
_PERM=1"
> 80 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=25
"60","35.816889","95.183.2.66","192.168.43.150","TCP","66","80
WS=256 SACK_PERM=1"
> 49803 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1
"61","35.817158","192.168.43.150","95.183.2.66","TCP","54","49803 > 80 [ACK] Seq=1 Ack=1 Win=65792 Len=0"
"62","35.820498","192.168.43.150","95.183.2.66","HTTP","330","GET
ed0054236&userIdentifier=6841df7d-3e22-49b6-8213-17773591e529
/UM_ApiRest/GetUser?apiKey=6ae0c3a0-afdc-4532-a
HTTP/1.1 "
"63","36.110135","95.183.2.66","192.168.43.150","HTTP","679","HTTP/1.1 200 OK (application/json)"
"64","36.110505","192.168.43.150","95.183.2.66","TCP","54","49803 > 80 [ACK] Seq=277 Ack=626 Win=65024 Len=0"
"65","39.076712","192.168.43.150","111.221.29.83","TCP","171","[TCP
Win=257 Len=117"
Retransmission] 49785 > 443 [PSH, ACK] Seq=1 Ack=
"66","39.754720","130.211.8.148","192.168.43.150","TLSv1.2","109","Application Data"
"67","39.754946","192.168.43.150","130.211.8.148","TCP","54","49758 > 443 [ACK] Seq=2 Ack=56 Win=255 Len=0"
"68","39.755217","130.211.8.148","192.168.43.150","TCP","54","443 > 49758 [FIN, ACK] Seq=56 Ack=2 Win=324 Len=0"
"69","39.755357","192.168.43.150","130.211.8.148","TCP","54","49758 > 443 [ACK] Seq=2 Ack=57 Win=255 Len=0"
"70","39.756169","192.168.43.150","130.211.8.148","TCP","54","49758 > 443 [FIN, ACK] Seq=2 Ack=57 Win=255 Len=0"
"71","39.943580","130.211.8.148","192.168.43.150","TCP","54","443 > 49758 [ACK] Seq=57 Ack=3 Win=324 Len=0"
"72","42.246367","192.168.43.150","192.229.182.210","SSL","55","Continuation Data"
"73","42.563501","192.229.182.210","192.168.43.150","TCP","66","443
2"
> 49732 [ACK] Seq=1 Ack=2 Win=307 Len=0 SLE=1
"74","49.955707","192.168.43.150","111.221.29.83","TCP","171","[TCP
Win=257 Len=117"
Retransmission] 49785 > 443 [PSH, ACK] Seq=1 Ack=
"75","52.528772","192.168.43.150","134.170.51.247","TCP","54","49793 > 443 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0"
"76","52.920189","52.2.29.109","192.168.43.150","TCP","133","8888 > 49666 [PSH, ACK] Seq=629 Ack=73 Win=239 Len=79
"77","52.920455","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=73 Ack=708 Win=255 Len=0"
"78","53.388364","52.2.29.109","192.168.43.150","TCP","205","8888 > 49666 [PSH, ACK] Seq=708 Ack=73 Win=239 Len=15
"79","53.388571","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=73 Ack=859 Win=255 Len=0"
"80","58.498381","192.168.43.150","239.255.255.250","SSDP","216","M-SEARCH * HTTP/1.1 "
"81","58.595046","192.168.43.150","13.71.156.142","TCP","54","49797 > 443 [FIN, ACK] Seq=1 Ack=1 Win=256 Len=0"
"82","59.499225","192.168.43.150","239.255.255.250","SSDP","216","M-SEARCH * HTTP/1.1 "
"83","59.845610","192.168.43.150","13.71.156.142","TCP","54","[TCP
Win=256 Len=0"
Retransmission] 49797 > 443 [FIN, ACK] Seq=1 Ack=1
"84","60.284729","52.2.29.109","192.168.43.150","TCP","218","8888 > 49666 [PSH, ACK] Seq=859 Ack=73 Win=239 Len=16
"85","60.284923","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=73 Ack=1023 Win=254 Len=0"
"86","60.334346","52.2.29.109","192.168.43.150","TCP","192","8888 > 49666 [PSH, ACK] Seq=1023 Ack=73 Win=239 Len=1
"87","60.334512","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=73 Ack=1161 Win=253 Len=0"
"88","60.499178","192.168.43.150","239.255.255.250","SSDP","216","M-SEARCH * HTTP/1.1 "
"89","60.695252","192.168.43.150","52.2.29.109","TCP","90","49666 > 8888 [PSH, ACK] Seq=73 Ack=1161 Win=253 Len=36
"90","61.500184","192.168.43.150","239.255.255.250","SSDP","216","M-SEARCH * HTTP/1.1 "
"91","61.575083","192.168.43.150","52.2.29.109","TCP","90","[TCP
61 Win=253 Len=36"
Retransmission] 49666 > 8888 [PSH, ACK] Seq=73 Ack=1
"92","62.225527","192.168.43.150","13.71.156.142","TCP","54","[TCP
Win=256 Len=0"
Retransmission] 49797 > 443 [FIN, ACK] Seq=1 Ack=1
"93","62.501907","52.2.29.109","192.168.43.150","TCP","356","[TCP
=859 Ack=73 Win=239 Len=302"
Spurious Retransmission] 8888 > 49666 [PSH, ACK] Seq

"94","62.502025","192.168.43.150","52.2.29.109","TCP","66","[TCP
=253 Len=0 SLE=859 SRE=1161"
Dup ACK 87#1] 49666 > 8888 [ACK] Seq=109 Ack=1161
"95","62.867542","52.2.29.109","192.168.43.150","TCP","86","8888 > 49666 [PSH, ACK] Seq=1161 Ack=109 Win=239 Len=3
"96","62.867689","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=109 Ack=1193 Win=253 Len=0"
"97","62.869958","52.2.29.109","192.168.43.150","TCP","66","[TCP
=239 Len=0 SLE=73 SRE=109"
Dup ACK 95#1] 8888 > 49666 [ACK] Seq=1193 Ack=109
"98","64.659085","52.2.29.109","192.168.43.150","TCP","201","8888 > 49666 [PSH, ACK] Seq=1193 Ack=109 Win=239 Len=
"99","64.659197","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=109 Ack=1340 Win=253 Len=0"
"100","66.986444","192.168.43.150","13.71.156.142","TCP","54","[TCP
Win=256 Len=0"
Retransmission] 49797 > 443 [FIN, ACK] Seq=1 Ack=
"101","67.295182","52.2.29.109","192.168.43.150","TCP","205","8888
"
> 49666 [PSH, ACK] Seq=1340 Ack=109 Win=239 Len
"102","67.295462","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=109 Ack=1491 Win=252 Len=0"
"103","68.383020","192.168.43.150","111.221.29.83","TLSv1.2","171","Application Data"
"104","68.384281","192.168.43.150","111.221.29.83","TLSv1.2","139","Encrypted Alert"
"105","68.384550","192.168.43.150","111.221.29.83","TCP","54","49785 > 443 [FIN, ACK] Seq=320 Ack=1 Win=257 Len=0"
"106","69.698129","192.168.43.150","52.207.16.100","TLSv1.2","330","Application Data"
"107","69.981423","52.207.16.100","192.168.43.150","TLSv1.2","339","Application Data"
"108","69.981657","192.168.43.150","52.207.16.100","TCP","54","49674 > 443 [ACK] Seq=553 Ack=603 Win=257 Len=0"
"109","71.604245","192.168.43.150","111.221.29.115","TLSv1.2","171","Application Data"
"110","71.678474","52.2.29.109","192.168.43.150","TCP","192","8888
"
> 49666 [PSH, ACK] Seq=1491 Ack=109 Win=239 Len
"111","71.678756","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=109 Ack=1629 Win=252 Len=0"
"112","71.723900","192.168.43.150","111.221.29.83","TCP","54","49785 > 443 [RST, ACK] Seq=321 Ack=1 Win=0 Len=0"
"113","72.374900","192.168.43.150","111.221.29.115","TCP","171","[TCP
=1 Win=256 Len=117"
Retransmission] 49799 > 443 [PSH, ACK] Seq=1 A
"114","72.828558","192.168.43.150","34.202.72.69","TCP","55","[TCP
52 Len=1"
Keep-Alive] 49743 > 443 [ACK] Seq=979 Ack=230 Win
"115","72.880798","SamsungE_83:cd:36","HonHaiPr_46:4b:03","ARP","42","Who has 192.168.43.150? Tell 192.168.43.1"
"116","72.880868","HonHaiPr_46:4b:03","SamsungE_83:cd:36","ARP","42","192.168.43.150 is at 00:71:cc:46:4b:03"
"117","72.954745","192.168.43.150","192.168.43.1","DNS","82","Standard query 0x64f1 A client.wns.windows.com"
"118","72.990243","192.168.43.1","192.168.43.150","DNS","205","Standard
NAME wns.notify.windows.com.akadns.net CNAME apac1.notify.windows.com.akadns.net
query response 0x64f1 A CNAME
client.wns.windows.co
hk2.wns.notify
"119","72.992387","192.168.43.150","111.221.29.66","TCP","66","49804
SACK_PERM=1"
> 443 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 W
"120","73.108931","34.202.72.69","192.168.43.150","TCP","66","[TCP
in=178 Len=0 SLE=979 SRE=980"
Keep-Alive ACK] 443 > 49743 [ACK] Seq=230 Ack=980
"121","73.386620","111.221.29.66","192.168.43.150","TCP","66","443
400 WS=1 SACK_PERM=1"
> 49804 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 M
"122","73.387033","192.168.43.150","111.221.29.66","TCP","54","49804 > 443 [ACK] Seq=1 Ack=1 Win=65792 Len=0"
"123","73.392279","192.168.43.150","111.221.29.66","TLSv1.2","244","Client Hello"
"124","73.775613","192.168.43.150","111.221.29.115","TCP","171","[TCP
=1 Win=256 Len=117"
Retransmission] 49799 > 443 [PSH, ACK] Seq=1 A
"125","73.816009","111.221.29.66","192.168.43.150","TCP","1454","443
P segment of a reassembled PDU]"
> 49804 [ACK] Seq=1 Ack=191 Win=8002 Len=140
"126","73.816361","192.168.43.150","111.221.29.66","TCP","54","49804 > 443 [ACK] Seq=191 Ack=1401 Win=65792 Len=0
"127","73.816712","111.221.29.66","192.168.43.150","TCP","114","443
0 [TCP segment of a reassembled PDU]"
> 49804 [PSH, ACK] Seq=1401 Ack=191 Win=8002 L
"128","73.816924","192.168.43.150","111.221.29.66","TCP","54","49804 > 443 [ACK] Seq=191 Ack=1461 Win=65536 Len=0
"129","73.836038","111.221.29.66","192.168.43.150","TLSv1.2","681","Server
er Hello Done"
Hello, Certificate, Server Key Exchange, Serv
"130","73.836334","192.168.43.150","111.221.29.66","TCP","54","49804 > 443 [ACK] Seq=191 Ack=2088 Win=65024 Len=0
"131","73.922926","192.168.43.150","111.221.29.66","TLSv1.2","236","Client
andshake Message"
Key Exchange, Change Cipher Spec, Encrypted
"132","74.236754","192.168.43.150","54.87.171.148","TCP","55","[TCP
2 Len=1"
Keep-Alive] 49802 > 443 [ACK] Seq=0 Ack=1 Win=65
"133","74.332535","111.221.29.66","192.168.43.150","TLSv1.2","161","Change Cipher Spec, Encrypted Handshake Message"
"134","74.332720","192.168.43.150","111.221.29.66","TCP","54","49804 > 443 [ACK] Seq=373 Ack=2195 Win=64768 Len=0
"135","74.338432","192.168.43.150","111.221.29.66","TLSv1.2","379","Application Data"
"136","74.338787","192.168.43.150","111.221.29.66","TLSv1.2","1179","Application Data"
"137","74.339015","192.168.43.150","111.221.29.66","TLSv1.2","251","Application Data"
"138","74.516548","54.87.171.148","192.168.43.150","TCP","66","[TCP
7136 Len=0 SLE=0 SRE=1"
Window Update] 443 > 49802 [ACK] Seq=1 Ack=1 W
"139","74.736626","111.221.29.66","192.168.43.150","TLSv1.2","331","Application Data"
"140","74.736756","192.168.43.150","111.221.29.66","TCP","54","49804 > 443 [ACK] Seq=2020 Ack=2472 Win=64512 Len=

"141","74.737343","111.221.29.66","192.168.43.150","TCP","54","443 > 49804 [FIN, ACK] Seq=2472 Ack=698 Win=7495 Le
"142","74.737447","192.168.43.150","111.221.29.66","TCP","54","49804 > 443 [ACK] Seq=2020 Ack=2473 Win=64512 Len=
"143","74.738192","192.168.43.150","111.221.29.66","TLSv1.2","139","Encrypted Alert"
"144","74.738364","192.168.43.150","111.221.29.66","TCP","54","49804
0"
> 443 [FIN, ACK] Seq=2105 Ack=2473 Win=64512
"145","74.746454","192.168.43.150","192.168.43.1","DNS","91","Standard query 0x0b56 A HK2SCH130020741.wns.window
"146","74.757435","111.221.29.66","192.168.43.150","TCP","54","443 > 49804 [ACK] Seq=2473 Ack=1823 Win=8192 Len=0
"147","74.757743","111.221.29.66","192.168.43.150","TCP","54","443 > 49804 [ACK] Seq=2473 Ack=2020 Win=7995 Len=0
"148","74.782510","192.168.43.1","192.168.43.150","DNS","107","Standard
ows.com A 111.221.29.78"
query response 0x0b56 A HK2SCH130020741.w
"149","74.783414","192.168.43.150","111.221.29.78","TCP","66","49805
SACK_PERM=1"
> 443 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 W
"150","75.124003","111.221.29.66","192.168.43.150","TCP","54","[TCP
Win=7995 Len=0"
Dup ACK 147#1] 443 > 49804 [ACK] Seq=2473 Ack=2
"151","75.128411","111.221.29.66","192.168.43.150","TCP","54","443 > 49804 [ACK] Seq=2473 Ack=2106 Win=7910 Len=0
"152","75.170445","111.221.29.78","192.168.43.150","TCP","66","443
400 WS=1 SACK_PERM=1"
> 49805 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 M
"153","75.170597","192.168.43.150","111.221.29.78","TCP","54","49805 > 443 [ACK] Seq=1 Ack=1 Win=65792 Len=0"
"154","75.172334","192.168.43.150","111.221.29.78","TLSv1.2","253","Client Hello"
"155","75.592876","111.221.29.78","192.168.43.150","TCP","1454","443
P segment of a reassembled PDU]"
> 49805 [ACK] Seq=1 Ack=200 Win=7993 Len=140
"156","75.592989","192.168.43.150","111.221.29.78","TCP","54","49805 > 443 [ACK] Seq=200 Ack=1401 Win=65792 Len=0
"157","75.593403","111.221.29.78","192.168.43.150","TCP","114","443
0 [TCP segment of a reassembled PDU]"
> 49805 [PSH, ACK] Seq=1401 Ack=200 Win=7993 L
"158","75.593459","192.168.43.150","111.221.29.78","TCP","54","49805 > 443 [ACK] Seq=200 Ack=1461 Win=65536 Len=0
"159","75.622889","111.221.29.78","192.168.43.150","TCP","1454","443
[TCP segment of a reassembled PDU]"
> 49805 [ACK] Seq=1461 Ack=200 Win=7993 Len=
"160","75.622995","192.168.43.150","111.221.29.78","TCP","54","49805 > 443 [ACK] Seq=200 Ack=2861 Win=65792 Len=0
"161","75.623500","111.221.29.78","192.168.43.150","TCP","114","443
0 [TCP segment of a reassembled PDU]"
> 49805 [PSH, ACK] Seq=2861 Ack=200 Win=7993 L
"162","75.623551","192.168.43.150","111.221.29.78","TCP","54","49805 > 443 [ACK] Seq=200 Ack=2921 Win=65536 Len=0
"163","75.623613","111.221.29.78","192.168.43.150","TLSv1.2","642","Server
er Hello Done"
Hello, Certificate, Server Key Exchange, Serv
"164","75.623660","192.168.43.150","111.221.29.78","TCP","54","49805 > 443 [ACK] Seq=200 Ack=3509 Win=65024 Len=0
"165","75.640880","192.168.43.150","111.221.29.78","TLSv1.2","236","Client
andshake Message"
Key Exchange, Change Cipher Spec, Encrypted
"166","76.032809","111.221.29.78","192.168.43.150","TLSv1.2","161","Change Cipher Spec, Encrypted Handshake Message"
"167","76.033104","192.168.43.150","111.221.29.78","TCP","54","49805 > 443 [ACK] Seq=382 Ack=3616 Win=65024 Len=0
"168","76.043053","192.168.43.150","111.221.29.78","TLSv1.2","379","Application Data"
"169","76.043713","192.168.43.150","111.221.29.78","TLSv1.2","1179","Application Data"
"170","76.044223","192.168.43.150","111.221.29.78","TLSv1.2","251","Application Data"
"171","76.476541","111.221.29.78","192.168.43.150","TCP","54","443 > 49805 [ACK] Seq=3616 Ack=2029 Win=8192 Len=0
"172","76.508042","192.168.43.150","13.71.156.142","TCP","54","[TCP
Win=256 Len=0"
Retransmission] 49797 > 443 [FIN, ACK] Seq=1 Ack=
"173","76.575188","192.168.43.150","111.221.29.115","TCP","171","[TCP
=1 Win=256 Len=117"
Retransmission] 49799 > 443 [PSH, ACK] Seq=1 A
"174","76.677240","111.221.29.78","192.168.43.150","TLSv1.2","347","Application Data"
"175","76.677520","192.168.43.150","111.221.29.78","TCP","54","49805 > 443 [ACK] Seq=2029 Ack=3909 Win=64512 Len=
"176","76.964636","111.221.29.78","192.168.43.150","TLSv1.2","171","Application Data"
"177","76.964926","192.168.43.150","111.221.29.78","TCP","54","49805 > 443 [ACK] Seq=2029 Ack=4026 Win=64512 Len=
"178","76.965281","111.221.29.78","192.168.43.150","TLSv1.2","267","Application Data"
"179","76.965494","192.168.43.150","111.221.29.78","TCP","54","49805 > 443 [ACK] Seq=2029 Ack=4239 Win=64256 Len=
"180","76.982304","192.168.43.150","111.221.29.78","TLSv1.2","299","Application Data"
"181","77.019169","192.168.43.150","54.87.171.148","TCP","55","[TCP
=63067 Len=1"
Keep-Alive] 49801 > 443 [ACK] Seq=371 Ack=3934 W
"182","77.304105","54.87.171.148","192.168.43.150","TCP","54","[TCP
Win=26800 Len=0"
Keep-Alive ACK] 443 > 49801 [ACK] Seq=3934 Ack=3
"183","77.397739","111.221.29.78","192.168.43.150","TLSv1.2","171","Application Data"
"184","77.398027","192.168.43.150","111.221.29.78","TCP","54","49805 > 443 [ACK] Seq=2274 Ack=4356 Win=65792 Len=
"185","77.868435","34.202.72.69","192.168.43.150","TLSv1.2","283","Application Data"
"186","77.868598","192.168.43.150","34.202.72.69","TCP","54","49743 > 443 [ACK] Seq=980 Ack=459 Win=251 Len=0"
"187","78.885594","192.168.43.150","54.87.171.148","TCP","54","49801
"
> 443 [FIN, ACK] Seq=372 Ack=3934 Win=63067 L

"188","78.886459","192.168.43.150","192.229.182.210","TCP","54","49732 > 443 [FIN, ACK] Seq=2 Ack=1 Win=254 Len=0"
"189","78.887746","192.168.43.150","34.202.72.69","TLSv1.2","1032","Application Data"
"190","79.194976","192.229.182.210","192.168.43.150","TCP","54","443 > 49732 [FIN, ACK] Seq=1 Ack=3 Win=307 Len=0"
"191","79.195251","192.168.43.150","192.229.182.210","TCP","54","49732 > 443 [ACK] Seq=3 Ack=2 Win=254 Len=0"
"192","79.311370","54.87.171.148","192.168.43.150","TCP","54","443 > 49801 [ACK] Seq=3934 Ack=373 Win=26800 Len=0
"193","79.318595","34.202.72.69","192.168.43.150","TCP","54","443 > 49743 [ACK] Seq=459 Ack=1958 Win=186 Len=0"
"194","79.379211","192.168.43.150","111.221.29.115","TCP","171","[TCP
=1 Win=256 Len=117"
Retransmission] 49799 > 443 [PSH, ACK] Seq=1 A
"195","79.508758","fe80::8b5:99de:fa96:ff99","ff02::1:2","DHCPv6","147","Solicit
44852a0e "
XID: 0x1c28e1 CID: 000100011c51a01a28d
"196","79.514897","fe80::eab4:c8ff:fe83:cd36","fe80::8b5:99de:fa96:ff99","DHCPv6","178","Advertise
0100011c51a01a28d244852a0e "
XID: 0x1c28e1 CID: 00
"197","79.613362","54.87.171.148","192.168.43.150","TCP","54","443
"
> 49801 [FIN, ACK] Seq=3934 Ack=373 Win=26800 L
"198","79.613598","192.168.43.150","54.87.171.148","TCP","54","49801 > 443 [ACK] Seq=373 Ack=3935 Win=63067 Len=0
"199","80.515008","fe80::8b5:99de:fa96:ff99","ff02::1:2","DHCPv6","147","Solicit
44852a0e "
XID: 0x1c28e1 CID: 000100011c51a01a28d
"200","80.779652","fe80::eab4:c8ff:fe83:cd36","fe80::8b5:99de:fa96:ff99","DHCPv6","178","Advertise
0100011c51a01a28d244852a0e "
XID: 0x1c28e1 CID: 00
"201","80.780135","fe80::8b5:99de:fa96:ff99","ff02::1:2","DHCPv6","147","Solicit
44852a0e "
XID: 0x1c28e1 CID: 000100011c51a01a28d
"202","80.784407","fe80::eab4:c8ff:fe83:cd36","fe80::8b5:99de:fa96:ff99","DHCPv6","178","Advertise
0100011c51a01a28d244852a0e "
XID: 0x1c28e1 CID: 00
"203","80.784740","fe80::8b5:99de:fa96:ff99","ff02::1:2","DHCPv6","147","Solicit
44852a0e "
XID: 0x1c28e1 CID: 000100011c51a01a28d
"204","80.790988","fe80::eab4:c8ff:fe83:cd36","fe80::8b5:99de:fa96:ff99","DHCPv6","178","Advertise
0100011c51a01a28d244852a0e "
XID: 0x1c28e1 CID: 00
"205","80.791388","fe80::8b5:99de:fa96:ff99","ff02::1:2","DHCPv6","147","Solicit
44852a0e "
XID: 0x1c28e1 CID: 000100011c51a01a28d
"206","80.800258","fe80::eab4:c8ff:fe83:cd36","fe80::8b5:99de:fa96:ff99","DHCPv6","178","Advertise
0100011c51a01a28d244852a0e "
XID: 0x1c28e1 CID: 00
"207","80.800611","fe80::8b5:99de:fa96:ff99","ff02::1:2","DHCPv6","147","Solicit
44852a0e "
XID: 0x1c28e1 CID: 000100011c51a01a28d
"208","80.809279","fe80::eab4:c8ff:fe83:cd36","fe80::8b5:99de:fa96:ff99","DHCPv6","178","Advertise
0100011c51a01a28d244852a0e "
XID: 0x1c28e1 CID: 00
"209","80.809673","fe80::8b5:99de:fa96:ff99","ff02::1:2","DHCPv6","147","Solicit
44852a0e "
XID: 0x1c28e1 CID: 000100011c51a01a28d
"210","80.818289","fe80::eab4:c8ff:fe83:cd36","fe80::8b5:99de:fa96:ff99","DHCPv6","178","Advertise
0100011c51a01a28d244852a0e "
XID: 0x1c28e1 CID: 00
"211","82.181327","192.168.43.150","111.221.29.115","TCP","171","[TCP
=1 Win=256 Len=117"
Retransmission] 49799 > 443 [PSH, ACK] Seq=1 A
"212","84.103951","52.2.29.109","192.168.43.150","TCP","164","8888
"
> 49666 [PSH, ACK] Seq=1629 Ack=109 Win=239 Len
"213","84.104143","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=109 Ack=1739 Win=251 Len=0"
"214","87.157257","52.2.29.109","192.168.43.150","TCP","543","8888
"
> 49666 [PSH, ACK] Seq=1739 Ack=109 Win=239 Len
"215","87.157478","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=109 Ack=2228 Win=257 Len=0"
"216","87.161057","192.168.43.150","192.168.43.1","DNS","85","Standard query 0xe35a A nexus.officeapps.live.com"
"217","87.197305","fe80::eab4:c8ff:fe83:cd36","fe80::8b5:99de:fa96:ff99","ICMPv6","86","Neighbor
8b5:99de:fa96:ff99 from e8:b4:c8:83:cd:36"
Solicitation for fe80::
"218","87.198099","fe80::8b5:99de:fa96:ff99","ff02::1:ff83:cd36","ICMPv6","86","Neighbor
f:fe83:cd36 from 00:71:cc:46:4b:03"
Solicitation for fe80::eab4:c8f
"219","87.200837","fe80::eab4:c8ff:fe83:cd36","fe80::8b5:99de:fa96:ff99","ICMPv6","86","Neighbor
4:c8ff:fe83:cd36 (rtr, sol, ovr) is at e8:b4:c8:83:cd:36"
Advertisement fe80::ea
"220","87.200959","fe80::8b5:99de:fa96:ff99","fe80::eab4:c8ff:fe83:cd36","ICMPv6","86","Neighbor
:99de:fa96:ff99 (sol, ovr) is at 00:71:cc:46:4b:03"
Advertisement fe80::8b
"221","87.364979","192.168.43.1","192.168.43.150","DNS","147","Standard
m CNAME prod-w.nexus.live.com.akadns.net A 40.76.1.176"
query response 0xe35a A nexus.officeapps.live.
"222","87.367085","192.168.43.150","40.76.1.176","TCP","66","49806
CK_PERM=1"
> 443 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=
"223","87.395293","52.2.29.109","192.168.43.150","TCP","371","8888
"
> 49666 [PSH, ACK] Seq=2228 Ack=109 Win=239 Len
"224","87.395512","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=109 Ack=2545 Win=255 Len=0"
"225","87.423669","52.2.29.109","192.168.43.150","TCP","192","8888
"
> 49666 [PSH, ACK] Seq=2545 Ack=109 Win=239 Len
"226","87.423886","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=109 Ack=2683 Win=255 Len=0"
"227","87.654697","40.76.1.176","192.168.43.150","TCP","66","443
0 WS=256 SACK_PERM=1"
> 49806 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS
"228","87.655058","192.168.43.150","40.76.1.176","TCP","54","49806 > 443 [ACK] Seq=1 Ack=1 Win=65792 Len=0"
"229","87.658764","192.168.43.150","40.76.1.176","TLSv1.2","252","Client Hello"
"230","87.776586","192.168.43.150","111.221.29.115","TCP","171","[TCP
=1 Win=256 Len=117"
Retransmission] 49799 > 443 [PSH, ACK] Seq=1 A
"231","87.972883","40.76.1.176","192.168.43.150","TCP","1454","443
P segment of a reassembled PDU]"
> 49806 [ACK] Seq=1 Ack=199 Win=131584 Len=140
"232","87.973217","192.168.43.150","40.76.1.176","TCP","54","49806 > 443 [ACK] Seq=199 Ack=1401 Win=65792 Len=0"
"233","87.981100","40.76.1.176","192.168.43.150","TCP","1454","443
[TCP segment of a reassembled PDU]"
> 49806 [ACK] Seq=1401 Ack=199 Win=131584 Len=
"234","87.981320","192.168.43.150","40.76.1.176","TCP","54","49806 > 443 [ACK] Seq=199 Ack=2801 Win=65792 Len=0"

"235","88.002926","40.76.1.176","192.168.43.150","TCP","1454","443
[TCP segment of a reassembled PDU]"
> 49806 [ACK] Seq=2801 Ack=199 Win=131584 Len=
"236","88.003165","192.168.43.150","40.76.1.176","TCP","54","49806 > 443 [ACK] Seq=199 Ack=4201 Win=65792 Len=0"
"237","88.008923","40.76.1.176","192.168.43.150","TLSv1.2","1398","Server
Key Exchange, Server Hello Done"
Hello, Certificate, Certificate Status, Server
"238","88.009138","192.168.43.150","40.76.1.176","TCP","54","49806 > 443 [ACK] Seq=199 Ack=5545 Win=64256 Len=0"
"239","88.154186","192.168.43.150","40.76.1.176","TLSv1.2","268","Client
dshake Message"
Key Exchange, Change Cipher Spec, Encrypted Ha
"240","88.444585","40.76.1.176","192.168.43.150","TLSv1.2","161","Change Cipher Spec, Encrypted Handshake Message"
"241","88.444755","192.168.43.150","40.76.1.176","TCP","54","49806 > 443 [ACK] Seq=413 Ack=5652 Win=65792 Len=0"
"242","88.474786","192.168.43.150","40.76.1.176","TLSv1.2","427","Application Data"
"243","88.475383","192.168.43.150","40.76.1.176","TLSv1.2","347","Application Data"
"244","88.695741","192.168.43.150","52.2.29.109","TCP","90","49666 > 8888 [PSH, ACK] Seq=109 Ack=2683 Win=255 Len=
"245","88.895409","40.76.1.176","192.168.43.150","TCP","54","443 > 49806 [ACK] Seq=5652 Ack=1079 Win=130560 Len=0
"246","88.993747","52.2.29.109","192.168.43.150","TCP","54","8888 > 49666 [ACK] Seq=2683 Ack=145 Win=239 Len=0"
"247","88.994114","52.2.29.109","192.168.43.150","TCP","86","8888 > 49666 [PSH, ACK] Seq=2683 Ack=145 Win=239 Len=
"248","88.994199","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=145 Ack=2715 Win=255 Len=0"
"249","89.767749","40.76.1.176","192.168.43.150","TLSv1.2","779","Application Data"
"250","89.767857","192.168.43.150","40.76.1.176","TCP","54","49806 > 443 [ACK] Seq=1079 Ack=6377 Win=65024 Len=0"
"251","89.773730","192.168.43.150","40.76.1.176","TLSv1.2","427","Application Data"
"252","89.773947","192.168.43.150","40.76.1.176","TLSv1.2","443","Application Data"
"253","90.109220","40.76.1.176","192.168.43.150","TCP","54","443 > 49806 [ACK] Seq=6377 Ack=1841 Win=131584 Len=0
"254","90.529151","40.76.1.176","192.168.43.150","TLSv1.2","779","Application Data"
"255","90.529255","192.168.43.150","40.76.1.176","TCP","54","49806 > 443 [ACK] Seq=1841 Ack=7102 Win=65792 Len=0"
"256","90.639965","192.168.43.150","40.76.1.176","TLSv1.2","427","Application Data"
"257","90.640204","192.168.43.150","40.76.1.176","TLSv1.2","603","Application Data"
"258","91.008156","40.76.1.176","192.168.43.150","TCP","54","443 > 49806 [ACK] Seq=7102 Ack=2763 Win=130560 Len=0
"259","93.043929","40.76.1.176","192.168.43.150","TLSv1.2","779","Application Data"
"260","93.044035","192.168.43.150","40.76.1.176","TCP","54","49806 > 443 [ACK] Seq=2763 Ack=7827 Win=65024 Len=0"
"261","93.052469","192.168.43.150","40.76.1.176","TLSv1.2","427","Application Data"
"262","93.052724","192.168.43.150","40.76.1.176","TLSv1.2","331","Application Data"
"263","93.583517","40.76.1.176","192.168.43.150","TCP","54","443 > 49806 [ACK] Seq=7827 Ack=3413 Win=131584 Len=0
"264","93.823120","52.207.16.100","192.168.43.150","TLSv1.2","86","Application Data"
"265","93.823232","192.168.43.150","52.207.16.100","TCP","54","49674 > 443 [ACK] Seq=553 Ack=635 Win=256 Len=0"
"266","95.039815","40.76.1.176","192.168.43.150","TLSv1.2","779","Application Data"
"267","95.039922","192.168.43.150","40.76.1.176","TCP","54","49806 > 443 [ACK] Seq=3413 Ack=8552 Win=65792 Len=0"
"268","95.546017","192.168.43.150","13.71.156.142","TCP","54","[TCP
Win=256 Len=0"
Retransmission] 49797 > 443 [FIN, ACK] Seq=1 Ack=
"269","98.979487","192.168.43.150","111.221.29.115","TCP","171","[TCP
=1 Win=256 Len=117"
Retransmission] 49799 > 443 [PSH, ACK] Seq=1 A
"270","110.697905","192.168.43.150","52.207.16.100","TLSv1.2","330","Application Data"
"271","111.338113","192.168.43.150","52.207.16.100","TCP","330","[TCP
ck=635 Win=256 Len=276"
Retransmission] 49674 > 443 [PSH, ACK] Seq=553
"272","112.498694","192.168.43.150","52.207.16.100","TCP","330","[TCP
ck=635 Win=256 Len=276"
Retransmission] 49674 > 443 [PSH, ACK] Seq=553
"273","112.590303","52.2.29.109","192.168.43.150","TCP","133","8888
"
> 49666 [PSH, ACK] Seq=2715 Ack=145 Win=239 Le
"274","112.590414","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=145 Ack=2794 Win=254 Len=0"
"275","112.776089","52.207.16.100","192.168.43.150","TLSv1.2","339","Application Data"
"276","112.776217","192.168.43.150","52.207.16.100","TCP","54","49674 > 443 [ACK] Seq=829 Ack=920 Win=255 Len=0"
"277","112.798694","52.207.16.100","192.168.43.150","TCP","66","[TCP
Win=330 Len=0 SLE=553 SRE=829"
Dup ACK 275#1] 443 > 49674 [ACK] Seq=920 Ack=8
"278","112.899686","52.207.16.100","192.168.43.150","TCP","66","[TCP
Win=330 Len=0 SLE=553 SRE=829"
Dup ACK 275#2] 443 > 49674 [ACK] Seq=920 Ack=8
"279","114.698980","192.168.43.150","52.2.29.109","TCP","90","49666 > 8888 [PSH, ACK] Seq=145 Ack=2794 Win=254 Len
"280","115.136767","52.2.29.109","192.168.43.150","TCP","86","8888 > 49666 [PSH, ACK] Seq=2794 Ack=181 Win=239 Len
"281","115.136989","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=181 Ack=2826 Win=254 Len=0"

"282","116.604236","192.168.43.150","111.221.29.115","TLSv1.2","171","Application Data"
"283","116.606508","192.168.43.150","111.221.29.115","TLSv1.2","139","Encrypted Alert"
"284","116.606947","192.168.43.150","111.221.29.115","TCP","54","49799 > 443 [FIN, ACK] Seq=320 Ack=1 Win=256 Len=
"285","119.520034","192.168.43.150","54.87.171.148","TCP","55","[TCP
92 Len=1"
Keep-Alive] 49802 > 443 [ACK] Seq=0 Ack=1 Win=6
"286","119.612282","192.168.43.150","192.168.43.1","DNS","82","Standard query 0x55e2 A client.wns.windows.com"
"287","119.840454","192.168.43.1","192.168.43.150","DNS","206","Standard
CNAME wns.notify.windows.com.akadns.net CNAME apac1.notify.windows.com.akadns.net
query response 0x55e2 A CNAME
client.wns.windows.
hk2.wns.noti
"288","119.843253","192.168.43.150","111.221.29.198","TCP","66","49807
6 SACK_PERM=1"
> 443 [SYN] Seq=0 Win=8192 Len=0 MSS=1460
"289","119.948963","54.87.171.148","192.168.43.150","TCP","66","[TCP
=27136 Len=0 SLE=0 SRE=1"
Keep-Alive ACK] 443 > 49802 [ACK] Seq=1 Ack=1 W
"290","120.268074","111.221.29.198","192.168.43.150","TCP","66","443
=1400 WS=1 SACK_PERM=1"
> 49807 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0
"291","120.268525","192.168.43.150","111.221.29.198","TCP","54","49807 > 443 [ACK] Seq=1 Ack=1 Win=65792 Len=0"
"292","120.274516","192.168.43.150","111.221.29.198","TLSv1.2","244","Client Hello"
"293","120.727717","111.221.29.198","192.168.43.150","TCP","1454","443
TCP segment of a reassembled PDU]"
> 49807 [ACK] Seq=1 Ack=191 Win=8002 Len=1
"294","120.727955","192.168.43.150","111.221.29.198","TCP","54","49807 > 443 [ACK] Seq=191 Ack=1401 Win=65792 Len
"295","120.735741","111.221.29.198","192.168.43.150","TCP","114","443
=60 [TCP segment of a reassembled PDU]"
> 49807 [PSH, ACK] Seq=1401 Ack=191 Win=800
"296","120.735996","192.168.43.150","111.221.29.198","TCP","54","49807 > 443 [ACK] Seq=191 Ack=1461 Win=65536 Len
"297","120.736320","111.221.29.198","192.168.43.150","TLSv1.2","681","Server
rver Hello Done"
Hello, Certificate, Server Key Exchange, Se
"298","120.736530","192.168.43.150","111.221.29.198","TCP","54","49807 > 443 [ACK] Seq=191 Ack=2088 Win=65024 Len
"299","120.823436","192.168.43.150","111.221.29.198","TLSv1.2","236","Client
Handshake Message"
Key Exchange, Change Cipher Spec, Encrypte
"300","121.295599","111.221.29.198","192.168.43.150","TLSv1.2","161","Change Cipher Spec, Encrypted Handshake Messag
"301","121.295883","192.168.43.150","111.221.29.198","TCP","54","49807 > 443 [ACK] Seq=373 Ack=2195 Win=64768 Len
"302","121.303696","192.168.43.150","111.221.29.198","TLSv1.2","379","Application Data"
"303","121.304329","192.168.43.150","111.221.29.198","TLSv1.2","1179","Application Data"
"304","121.304804","192.168.43.150","111.221.29.198","TLSv1.2","171","Application Data"
"305","121.378668","192.168.43.150","111.221.29.115","TCP","54","49799 > 443 [RST, ACK] Seq=321 Ack=1 Win=0 Len=0"
"306","121.747220","111.221.29.198","192.168.43.150","TLSv1.2","331","Application Data"
"307","121.747456","192.168.43.150","111.221.29.198","TCP","54","49807 > 443 [ACK] Seq=1940 Ack=2472 Win=64512 Le
"308","121.747721","111.221.29.198","192.168.43.150","TCP","54","443
0"
> 49807 [FIN, ACK] Seq=2472 Ack=698 Win=7495
"309","121.747871","192.168.43.150","111.221.29.198","TCP","54","49807 > 443 [ACK] Seq=1940 Ack=2473 Win=64512 Le
"310","121.749770","192.168.43.150","111.221.29.198","TLSv1.2","139","Encrypted Alert"
"311","121.750066","192.168.43.150","111.221.29.198","TCP","54","49807
n=0"
> 443 [FIN, ACK] Seq=2025 Ack=2473 Win=6451
"312","121.752474","192.168.43.150","192.168.43.1","DNS","91","Standard query 0x1bf4 A HK2SCH130021142.wns.window
"313","121.812498","111.221.29.198","192.168.43.150","TCP","54","443 > 49807 [ACK] Seq=2473 Ack=1940 Win=8192 Len
"314","121.864486","192.168.43.1","192.168.43.150","DNS","107","Standard
dows.com A 111.221.29.108"
query response 0x1bf4 A HK2SCH130021142.w
"315","121.866557","192.168.43.150","111.221.29.108","TCP","66","49808
6 SACK_PERM=1"
> 443 [SYN] Seq=0 Win=8192 Len=0 MSS=1460
"316","122.162833","52.2.29.109","192.168.43.150","TCP","242","8888
8"
> 49666 [PSH, ACK] Seq=2826 Ack=181 Win=239 Le
"317","122.163049","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=181 Ack=3014 Win=253 Len=0"
"318","122.188857","111.221.29.198","192.168.43.150","TCP","54","443 > 49807 [ACK] Seq=2473 Ack=2026 Win=8107 Len
"319","122.291029","111.221.29.108","192.168.43.150","TCP","66","443
=1400 WS=1 SACK_PERM=1"
> 49808 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0
"320","122.291375","192.168.43.150","111.221.29.108","TCP","54","49808 > 443 [ACK] Seq=1 Ack=1 Win=65792 Len=0"
"321","122.295291","192.168.43.150","111.221.29.108","TLSv1.2","253","Client Hello"
"322","122.719191","111.221.29.108","192.168.43.150","TCP","1454","443
TCP segment of a reassembled PDU]"
> 49808 [ACK] Seq=1 Ack=200 Win=7993 Len=1
"323","122.719398","192.168.43.150","111.221.29.108","TCP","54","49808 > 443 [ACK] Seq=200 Ack=1401 Win=65792 Len
"324","122.722380","111.221.29.108","192.168.43.150","TCP","114","443
=60 [TCP segment of a reassembled PDU]"
> 49808 [PSH, ACK] Seq=1401 Ack=200 Win=799
"325","122.722528","192.168.43.150","111.221.29.108","TCP","54","49808 > 443 [ACK] Seq=200 Ack=1461 Win=65536 Len
"326","122.767741","111.221.29.108","192.168.43.150","TCP","1454","443
0 [TCP segment of a reassembled PDU]"
> 49808 [ACK] Seq=1461 Ack=200 Win=7993 Le
"327","122.768009","192.168.43.150","111.221.29.108","TCP","54","49808 > 443 [ACK] Seq=200 Ack=2861 Win=65792 Len
"328","122.776737","111.221.29.108","192.168.43.150","TCP","114","443
=60 [TCP segment of a reassembled PDU]"
> 49808 [PSH, ACK] Seq=2861 Ack=200 Win=799

"329","122.776980","192.168.43.150","111.221.29.108","TCP","54","49808 > 443 [ACK] Seq=200 Ack=2921 Win=65536 Len
"330","122.777299","111.221.29.108","192.168.43.150","TLSv1.2","642","Server
rver Hello Done"
Hello, Certificate, Server Key Exchange, Se
"331","122.777506","192.168.43.150","111.221.29.108","TCP","54","49808 > 443 [ACK] Seq=200 Ack=3509 Win=65024 Len
"332","122.864242","192.168.43.150","111.221.29.108","TLSv1.2","236","Client
Handshake Message"
Key Exchange, Change Cipher Spec, Encrypte
"333","123.316932","111.221.29.108","192.168.43.150","TLSv1.2","161","Change Cipher Spec, Encrypted Handshake Messag
"334","123.317217","192.168.43.150","111.221.29.108","TCP","54","49808 > 443 [ACK] Seq=382 Ack=3616 Win=65024 Len
"335","123.325588","192.168.43.150","111.221.29.108","TLSv1.2","379","Application Data"
"336","123.326281","192.168.43.150","111.221.29.108","TLSv1.2","1179","Application Data"
"337","123.326781","192.168.43.150","111.221.29.108","TLSv1.2","171","Application Data"
"338","123.776207","111.221.29.108","192.168.43.150","TLSv1.2","347","Application Data"
"339","123.776441","192.168.43.150","111.221.29.108","TCP","54","49808 > 443 [ACK] Seq=1949 Ack=3909 Win=64512 Le
"340","123.832296","111.221.29.108","192.168.43.150","TCP","54","443 > 49808 [ACK] Seq=3909 Ack=1832 Win=8192 Len
"341","123.832498","111.221.29.108","192.168.43.150","TCP","54","443 > 49808 [ACK] Seq=3909 Ack=1949 Win=8075 Len
"342","123.837290","111.221.29.108","192.168.43.150","TLSv1.2","171","Application Data"
"343","123.837499","192.168.43.150","111.221.29.108","TCP","54","49808 > 443 [ACK] Seq=1949 Ack=4026 Win=64512 Le
"344","123.837769","111.221.29.108","192.168.43.150","TLSv1.2","235","Application Data"
"345","123.837917","192.168.43.150","111.221.29.108","TCP","54","49808 > 443 [ACK] Seq=1949 Ack=4207 Win=64256 Le
"346","123.838126","111.221.29.108","192.168.43.150","TLSv1.2","171","Application Data"
"347","123.838276","192.168.43.150","111.221.29.108","TCP","54","49808 > 443 [ACK] Seq=1949 Ack=4324 Win=65792 Le
"348","123.841637","192.168.43.150","111.221.29.108","TLSv1.2","171","Application Data"
"349","124.212879","52.2.29.109","192.168.43.150","TCP","164","8888
0"
> 49666 [PSH, ACK] Seq=3014 Ack=181 Win=239 Le
"350","124.213039","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=181 Ack=3124 Win=253 Len=0"
"351","124.278902","111.221.29.108","192.168.43.150","TLSv1.2","187","Application Data"
"352","124.279072","192.168.43.150","111.221.29.108","TCP","54","49808 > 443 [ACK] Seq=2066 Ack=4457 Win=65536 Le
"353","124.318961","192.168.43.150","34.202.72.69","TCP","55","[TCP
=251 Len=1"
Keep-Alive] 49743 > 443 [ACK] Seq=1957 Ack=459 W
"354","124.323114","52.2.29.109","192.168.43.150","TCP","500","8888
6"
> 49666 [PSH, ACK] Seq=3124 Ack=181 Win=239 Le
"355","124.323271","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=181 Ack=3570 Win=251 Len=0"
"356","124.399813","52.2.29.109","192.168.43.150","TCP","243","8888
9"
> 49666 [PSH, ACK] Seq=3570 Ack=181 Win=239 Le
"357","124.399981","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=181 Ack=3759 Win=257 Len=0"
"358","124.653447","34.202.72.69","192.168.43.150","TCP","66","[TCP
Win=186 Len=0 SLE=1957 SRE=1958"
Keep-Alive ACK] 443 > 49743 [ACK] Seq=459 Ack=19
"359","126.472161","52.2.29.109","192.168.43.150","TCP","164","8888
0"
> 49666 [PSH, ACK] Seq=3759 Ack=181 Win=239 Le
"360","126.472371","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=181 Ack=3869 Win=256 Len=0"
"361","126.472635","52.2.29.109","192.168.43.150","TCP","472","8888
8"
> 49666 [PSH, ACK] Seq=3869 Ack=181 Win=239 Le
"362","126.472775","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=181 Ack=4287 Win=254 Len=0"
"363","129.434259","34.202.72.69","192.168.43.150","TLSv1.2","283","Application Data"
"364","129.434553","192.168.43.150","34.202.72.69","TCP","54","49743 > 443 [ACK] Seq=1958 Ack=688 Win=257 Len=0"
"365","129.439073","52.2.29.109","192.168.43.150","TCP","164","8888
0"
> 49666 [PSH, ACK] Seq=4287 Ack=181 Win=239 Le
"366","129.439331","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=181 Ack=4397 Win=254 Len=0"
"367","129.959804","52.2.29.109","192.168.43.150","TCP","164","8888
0"
> 49666 [PSH, ACK] Seq=4397 Ack=181 Win=239 Le
"368","129.960016","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=181 Ack=4507 Win=254 Len=0"
"369","130.454862","192.168.43.150","34.202.72.69","TLSv1.2","1032","Application Data"
"370","130.810110","34.202.72.69","192.168.43.150","TCP","54","443 > 49743 [ACK] Seq=688 Ack=2936 Win=193 Len=0"
"371","131.224605","52.2.29.109","192.168.43.150","TCP","164","8888
0"
> 49666 [PSH, ACK] Seq=4507 Ack=181 Win=239 Le
"372","131.224879","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=181 Ack=4617 Win=253 Len=0"
"373","133.218770","52.2.29.109","192.168.43.150","TCP","164","8888
0"
> 49666 [PSH, ACK] Seq=4617 Ack=181 Win=239 Le
"374","133.218954","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=181 Ack=4727 Win=253 Len=0"
"375","133.627414","192.168.43.150","13.71.156.142","TCP","54","49797 > 443 [RST, ACK] Seq=2 Ack=1 Win=0 Len=0"

"376","134.997074","52.2.29.109","192.168.43.150","TCP","164","8888
0"
> 49666 [PSH, ACK] Seq=4727 Ack=181 Win=239 Le
"377","134.997332","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=181 Ack=4837 Win=252 Len=0"
"378","138.260234","52.2.29.109","192.168.43.150","TCP","164","8888
0"
> 49666 [PSH, ACK] Seq=4837 Ack=181 Win=239 Le
"379","138.260501","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=181 Ack=4947 Win=252 Len=0"
"380","139.020256","52.2.29.109","192.168.43.150","TCP","164","8888
0"
> 49666 [PSH, ACK] Seq=4947 Ack=181 Win=239 Le
"381","139.020519","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=181 Ack=5057 Win=251 Len=0"
"382","139.074908","52.2.29.109","192.168.43.150","TCP","164","8888
0"
> 49666 [PSH, ACK] Seq=5057 Ack=181 Win=239 Le
"383","139.075169","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=181 Ack=5167 Win=257 Len=0"
"384","140.699370","192.168.43.150","52.2.29.109","TCP","90","49666 > 8888 [PSH, ACK] Seq=181 Ack=5167 Win=257 Len
"385","140.814650","52.2.29.109","192.168.43.150","TCP","164","8888
0"
> 49666 [PSH, ACK] Seq=5167 Ack=181 Win=239 Le
"386","140.814924","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=217 Ack=5277 Win=256 Len=0"
"387","141.131673","52.2.29.109","192.168.43.150","TCP","86","8888 > 49666 [PSH, ACK] Seq=5277 Ack=217 Win=239 Len
"388","141.131954","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=217 Ack=5309 Win=256 Len=0"
"389","142.744868","52.2.29.109","192.168.43.150","TCP","201","8888
7"
> 49666 [PSH, ACK] Seq=5309 Ack=217 Win=239 Le
"390","142.745035","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=217 Ack=5456 Win=255 Len=0"
"391","142.768913","52.2.29.109","192.168.43.150","TCP","164","8888
0"
> 49666 [PSH, ACK] Seq=5456 Ack=217 Win=239 Le
"392","142.769073","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=217 Ack=5566 Win=255 Len=0"
"393","143.214028","52.2.29.109","192.168.43.150","TCP","164","[TCP
eq=5456 Ack=217 Win=239 Len=110"
Spurious Retransmission] 8888 > 49666 [PSH, ACK]
"394","143.214111","192.168.43.150","52.2.29.109","TCP","66","[TCP
Win=255 Len=0 SLE=5456 SRE=5566"
Dup ACK 392#1] 49666 > 8888 [ACK] Seq=217 Ack=55
"395","145.416393","52.2.29.109","192.168.43.150","TCP","201","8888
7"
> 49666 [PSH, ACK] Seq=5566 Ack=217 Win=239 Le
"396","145.416656","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=217 Ack=5713 Win=254 Len=0"
"397","148.648220","54.87.171.148","192.168.43.150","TCP","54","443 > 49802 [FIN, ACK] Seq=1 Ack=1 Win=27136 Len=0
"398","148.648508","192.168.43.150","54.87.171.148","TCP","54","[TCP
5792 Len=0"
Dup ACK 37#1] 49802 > 443 [ACK] Seq=1 Ack=1 W
"399","148.650769","192.168.43.150","54.87.171.148","TCP","54","49802 > 443 [ACK] Seq=1 Ack=2 Win=65792 Len=0"
"400","148.788662","SamsungE_83:cd:36","HonHaiPr_46:4b:03","ARP","42","Who has 192.168.43.150? Tell 192.168.43.1"
"401","148.788722","HonHaiPr_46:4b:03","SamsungE_83:cd:36","ARP","42","192.168.43.150 is at 00:71:cc:46:4b:03"
"402","149.767819","52.2.29.109","192.168.43.150","TCP","242","8888
8"
> 49666 [PSH, ACK] Seq=5713 Ack=217 Win=239 Le
"403","149.768030","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=217 Ack=5901 Win=254 Len=0"
"404","149.966175","52.2.29.109","192.168.43.150","TCP","242","8888
8"
> 49666 [PSH, ACK] Seq=5901 Ack=217 Win=239 Le
"405","149.966391","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=217 Ack=6089 Win=253 Len=0"
"406","152.419741","52.2.29.109","192.168.43.150","TCP","192","8888
8"
> 49666 [PSH, ACK] Seq=6089 Ack=217 Win=239 Le
"407","152.420004","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=217 Ack=6227 Win=252 Len=0"
"408","153.700179","192.168.43.150","52.207.16.100","TLSv1.2","330","Application Data"
"409","153.816820","52.207.16.100","192.168.43.150","TLSv1.2","86","Application Data"
"410","153.817104","192.168.43.150","52.207.16.100","TCP","54","49674 > 443 [ACK] Seq=1105 Ack=952 Win=255 Len=0"
"411","154.134242","52.207.16.100","192.168.43.150","TCP","54","443 > 49674 [ACK] Seq=952 Ack=1105 Win=336 Len=0"
"412","154.135188","52.207.16.100","192.168.43.150","TLSv1.2","339","Application Data"
"413","154.135381","192.168.43.150","52.207.16.100","TCP","54","49674 > 443 [ACK] Seq=1105 Ack=1237 Win=254 Len=0
"414","155.476168","52.2.29.109","192.168.43.150","TCP","243","8888
9"
> 49666 [PSH, ACK] Seq=6227 Ack=217 Win=239 Le
"415","155.476296","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=217 Ack=6416 Win=252 Len=0"
"416","160.046950","52.2.29.109","192.168.43.150","TCP","500","8888
6"
> 49666 [PSH, ACK] Seq=6416 Ack=217 Win=239 Le
"417","160.047167","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=217 Ack=6862 Win=257 Len=0"
"418","160.157109","52.2.29.109","192.168.43.150","TCP","370","8888
6"
> 49666 [PSH, ACK] Seq=6862 Ack=217 Win=239 Le
"419","160.157331","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=217 Ack=7178 Win=255 Len=0"
"420","160.181128","52.2.29.109","192.168.43.150","TCP","192","8888
8"
> 49666 [PSH, ACK] Seq=7178 Ack=217 Win=239 Le
"421","160.181333","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=217 Ack=7316 Win=255 Len=0"
"422","162.112472","52.2.29.109","192.168.43.150","TCP","202","8888
8"
> 49666 [PSH, ACK] Seq=7316 Ack=217 Win=239 Le

"423","162.112685","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=217 Ack=7464 Win=254 Len=0"
"424","166.603824","192.168.43.150","40.76.1.176","TCP","54","49806
"
> 443 [FIN, ACK] Seq=3413 Ack=8552 Win=65792 L
"425","166.695545","192.168.43.150","52.2.29.109","TCP","90","49666 > 8888 [PSH, ACK] Seq=217 Ack=7464 Win=254 Len
"426","167.060121","52.2.29.109","192.168.43.150","TCP","86","8888 > 49666 [PSH, ACK] Seq=7464 Ack=253 Win=239 Len
"427","167.060421","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=253 Ack=7496 Win=254 Len=0"
"428","167.425139","192.168.43.150","40.76.1.176","TCP","54","[TCP
=8552 Win=65792 Len=0"
Retransmission] 49806 > 443 [FIN, ACK] Seq=3413 Ac
"429","168.946336","192.168.43.150","40.76.1.176","TCP","54","[TCP
=8552 Win=65792 Len=0"
Retransmission] 49806 > 443 [FIN, ACK] Seq=3413 Ac
"430","168.947334","95.183.2.66","192.168.43.150","TCP","54","80 > 49803 [RST, ACK] Seq=626 Ack=277 Win=0 Len=0"
"431","169.613824","52.2.29.109","192.168.43.150","TCP","203","8888
9"
> 49666 [PSH, ACK] Seq=7496 Ack=253 Win=239 Le
"432","169.614098","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=253 Ack=7645 Win=253 Len=0"
"433","171.986437","192.168.43.150","40.76.1.176","TCP","54","[TCP
=8552 Win=65792 Len=0"
Retransmission] 49806 > 443 [FIN, ACK] Seq=3413 Ac
"434","175.814645","192.168.43.150","34.202.72.69","TCP","55","[TCP
=257 Len=1"
Keep-Alive] 49743 > 443 [ACK] Seq=2935 Ack=688 W
"435","176.262572","34.202.72.69","192.168.43.150","TCP","66","[TCP
Win=193 Len=0 SLE=2935 SRE=2936"
Keep-Alive ACK] 443 > 49743 [ACK] Seq=688 Ack=29
"436","176.626194","52.2.29.109","192.168.43.150","TCP","192","8888
8"
> 49666 [PSH, ACK] Seq=7645 Ack=253 Win=239 Le
"437","176.626521","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=253 Ack=7783 Win=253 Len=0"
"438","178.067817","192.168.43.150","40.76.1.176","TCP","54","[TCP
=8552 Win=65792 Len=0"
Retransmission] 49806 > 443 [FIN, ACK] Seq=3413 Ac
"439","178.499919","192.168.43.150","239.255.255.250","SSDP","216","M-SEARCH * HTTP/1.1 "
"440","179.500701","192.168.43.150","239.255.255.250","SSDP","216","M-SEARCH * HTTP/1.1 "
"441","180.501225","192.168.43.150","239.255.255.250","SSDP","216","M-SEARCH * HTTP/1.1 "
"442","180.822533","34.202.72.69","192.168.43.150","TLSv1.2","283","Application Data"
"443","180.822800","192.168.43.150","34.202.72.69","TCP","54","49743 > 443 [ACK] Seq=2936 Ack=917 Win=256 Len=0"
"444","180.877550","52.2.29.109","192.168.43.150","TCP","204","8888
0"
> 49666 [PSH, ACK] Seq=7783 Ack=253 Win=239 Le
"445","180.877812","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=253 Ack=7933 Win=252 Len=0"
"446","181.503484","192.168.43.150","239.255.255.250","SSDP","216","M-SEARCH * HTTP/1.1 "
"447","181.844604","192.168.43.150","34.202.72.69","TLSv1.2","1032","Application Data"
"448","182.312761","34.202.72.69","192.168.43.150","TCP","54","443 > 49743 [ACK] Seq=917 Ack=3914 Win=201 Len=0"
"449","184.119614","52.2.29.109","192.168.43.150","TCP","189","8888
5"
> 49666 [PSH, ACK] Seq=7933 Ack=253 Win=239 Le
"450","184.119755","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=253 Ack=8068 Win=252 Len=0"
"451","184.890488","52.2.29.109","192.168.43.150","TCP","512","8888
8"
> 49666 [PSH, ACK] Seq=8068 Ack=253 Win=239 Le
"452","184.890607","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=253 Ack=8526 Win=257 Len=0"
"453","186.260627","52.2.29.109","192.168.43.150","TCP","382","8888
8"
> 49666 [PSH, ACK] Seq=8526 Ack=253 Win=239 Le
"454","186.260892","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=253 Ack=8854 Win=255 Len=0"
"455","186.261232","52.2.29.109","192.168.43.150","TCP","189","8888
5"
> 49666 [PSH, ACK] Seq=8854 Ack=253 Win=239 Le
"456","186.261433","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=253 Ack=8989 Win=255 Len=0"
"457","189.563391","52.2.29.109","192.168.43.150","TCP","242","8888
8"
> 49666 [PSH, ACK] Seq=8989 Ack=253 Win=239 Le
"458","189.563547","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=253 Ack=9177 Win=254 Len=0"
"459","190.228475","192.168.43.150","40.76.1.176","TCP","54","[TCP
=8552 Win=65792 Len=0"
Retransmission] 49806 > 443 [FIN, ACK] Seq=3413 Ac
"460","191.112470","52.2.29.109","192.168.43.150","TCP","242","8888
8"
> 49666 [PSH, ACK] Seq=9177 Ack=253 Win=239 Le
"461","191.112699","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=253 Ack=9365 Win=253 Len=0"
"462","192.696480","192.168.43.150","52.2.29.109","TCP","90","49666 > 8888 [PSH, ACK] Seq=253 Ack=9365 Win=253 Len
"463","193.132281","52.2.29.109","192.168.43.150","TCP","86","8888 > 49666 [PSH, ACK] Seq=9365 Ack=289 Win=239 Len
"464","193.132566","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=289 Ack=9397 Win=253 Len=0"
"465","193.646988","192.168.43.150","54.87.171.148","TCP","55","[TCP
92 Len=1"
Keep-Alive] 49802 > 443 [ACK] Seq=0 Ack=2 Win=6
"466","193.969240","54.87.171.148","192.168.43.150","TCP","54","[TCP
=27136 Len=0"
Keep-Alive ACK] 443 > 49802 [ACK] Seq=2 Ack=1 W
"467","194.706329","192.168.43.150","52.207.16.100","TLSv1.2","330","Application Data"
"468","194.774802","52.2.29.109","192.168.43.150","TCP","475","8888
1"
> 49666 [PSH, ACK] Seq=9397 Ack=289 Win=239 Le
"469","194.774907","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=289 Ack=9818 Win=251 Len=0"

"470","194.775148","52.2.29.109","192.168.43.150","TCP","475","8888
1"
> 49666 [PSH, ACK] Seq=9818 Ack=289 Win=239 Le
"471","194.775217","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=289 Ack=10239 Win=257 Len=0"
"472","195.094344","52.207.16.100","192.168.43.150","TLSv1.2","339","Application Data"
"473","195.094472","192.168.43.150","52.207.16.100","TCP","54","49674 > 443 [ACK] Seq=1381 Ack=1522 Win=253 Len=0
"474","195.170172","52.2.29.109","192.168.43.150","TCP","471","8888
17"
> 49666 [PSH, ACK] Seq=10239 Ack=289 Win=239 L
"475","195.170298","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=289 Ack=10656 Win=255 Len=0"
"476","197.324360","52.2.29.109","192.168.43.150","TCP","243","8888
89"
> 49666 [PSH, ACK] Seq=10656 Ack=289 Win=239 L
"477","197.324624","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=289 Ack=10845 Win=254 Len=0"
"478","197.824063","52.2.29.109","192.168.43.150","TCP","192","8888
38"
> 49666 [PSH, ACK] Seq=10845 Ack=289 Win=239 L
"479","197.824265","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=289 Ack=10983 Win=254 Len=0"
"480","210.557154","52.2.29.109","192.168.43.150","TCP","503","8888
49"
> 49666 [PSH, ACK] Seq=10983 Ack=289 Win=239 L
"481","210.557412","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=289 Ack=11432 Win=252 Len=0"
"482","213.942629","52.207.16.100","192.168.43.150","TLSv1.2","86","Application Data"
"483","213.942847","192.168.43.150","52.207.16.100","TCP","54","49674 > 443 [ACK] Seq=1381 Ack=1554 Win=253 Len=0
"484","214.548478","192.168.43.150","40.76.1.176","TCP","54","49806 > 443 [RST, ACK] Seq=3414 Ack=8552 Win=0 Len=0
"485","215.129362","52.2.29.109","192.168.43.150","TCP","204","8888
50"
> 49666 [PSH, ACK] Seq=11432 Ack=289 Win=239 L
"486","215.129500","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=289 Ack=11582 Win=251 Len=0"
"487","218.696401","192.168.43.150","52.2.29.109","TCP","90","49666
"
> 8888 [PSH, ACK] Seq=289 Ack=11582 Win=251 Le
"488","219.118163","52.2.29.109","192.168.43.150","TCP","86","8888
"
> 49666 [PSH, ACK] Seq=11582 Ack=325 Win=239 Le
"489","219.118373","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=325 Ack=11614 Win=251 Len=0"
"490","222.888602","52.2.29.109","192.168.43.150","TCP","586","8888
32"
> 49666 [PSH, ACK] Seq=11614 Ack=325 Win=239 L
"491","222.888874","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=325 Ack=12146 Win=257 Len=0"
"492","223.136802","52.2.29.109","192.168.43.150","TCP","586","[TCP
eq=11614 Ack=325 Win=239 Len=532"
Spurious Retransmission] 8888 > 49666 [PSH, ACK]
"493","223.136975","192.168.43.150","52.2.29.109","TCP","66","[TCP
Win=257 Len=0 SLE=11614 SRE=12146"
Dup ACK 491#1] 49666 > 8888 [ACK] Seq=325 Ack=12
"494","224.090811","52.2.29.109","192.168.43.150","TCP","164","8888
10"
> 49666 [PSH, ACK] Seq=12146 Ack=325 Win=239 L
"495","224.091076","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=325 Ack=12256 Win=256 Len=0"
"496","226.640620","52.2.29.109","192.168.43.150","TCP","192","8888
38"
> 49666 [PSH, ACK] Seq=12256 Ack=325 Win=239 L
"497","226.640883","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=325 Ack=12394 Win=256 Len=0"
"498","227.311083","192.168.43.150","34.202.72.69","TCP","55","[TCP
=256 Len=1"
Keep-Alive] 49743 > 443 [ACK] Seq=3913 Ack=917 W
"499","227.608758","34.202.72.69","192.168.43.150","TCP","66","[TCP
Win=201 Len=0 SLE=3913 SRE=3914"
Keep-Alive ACK] 443 > 49743 [ACK] Seq=917 Ack=39
"500","232.315466","34.202.72.69","192.168.43.150","TLSv1.2","283","Application Data"
"501","232.315734","192.168.43.150","34.202.72.69","TCP","54","49743 > 443 [ACK] Seq=3914 Ack=1146 Win=255 Len=0"
"502","232.743146","192.168.43.150","192.168.43.1","DNS","87","Standard query 0xb9f6 A googleads.g.doubleclick.net"
"503","232.807341","192.168.43.1","192.168.43.150","DNS","128","Standard
.net CNAME pagead46.l.doubleclick.net A 216.58.201.226"
query response 0xb9f6 A googleads.g.doublecl
"504","232.881561","192.168.43.150","216.58.201.226","QUIC","1392","Client Hello, PKN: 1, CID: 14068420574632394151"
"505","232.882802","192.168.43.150","216.58.201.226","QUIC","507","Payload
1"
(Encrypted), PKN: 2, CID: 140684205746323
"506","233.169140","216.58.201.226","192.168.43.150","QUIC","1392","Rejection, PKN: 1, CID: 14068420574632394151"
"507","233.176266","216.58.201.226","192.168.43.150","QUIC","1392","Payload
51"
(Encrypted), PKN: 2, CID: 14068420574632
"508","233.197745","192.168.43.150","216.58.201.226","QUIC","80","Payload
"
(Encrypted), PKN: 3, CID: 1406842057463239
"509","233.222894","216.58.201.226","192.168.43.150","QUIC","77","Payload
"
(Encrypted), PKN: 3, CID: 1406842057463239
"510","233.270044","192.168.43.150","216.58.201.226","QUIC","1392","Client Hello, PKN: 4, CID: 14068420574632394151"
"511","233.270509","192.168.43.150","216.58.201.226","QUIC","503","Payload
1"
(Encrypted), PKN: 5, CID: 140684205746323
"512","233.337175","192.168.43.150","34.202.72.69","TLSv1.2","1032","Application Data"
"513","233.341984","216.58.201.226","192.168.43.150","QUIC","1392","Rejection, PKN: 4, CID: 14068420574632394151"
"514","233.368118","192.168.43.150","216.58.201.226","QUIC","80","Payload
"
(Encrypted), PKN: 6, CID: 1406842057463239
"515","233.388048","216.58.201.226","192.168.43.150","QUIC","1392","Payload
51"
(Encrypted), PKN: 5, CID: 14068420574632
"516","233.414192","192.168.43.150","216.58.201.226","QUIC","77","Payload
"
(Encrypted), PKN: 7, CID: 1406842057463239

"517","233.532254","216.58.201.226","192.168.43.150","QUIC","1392","Payload (Encrypted), PKN: 6"
"518","233.532525","216.58.201.226","192.168.43.150","QUIC","73","Payload (Encrypted), PKN: 7"
"519","233.533196","216.58.201.226","192.168.43.150","QUIC","72","Payload (Encrypted), PKN: 8"
"520","233.533389","216.58.201.226","192.168.43.150","QUIC","72","Payload (Encrypted), PKN: 9"
"521","233.535684","192.168.43.150","216.58.201.226","QUIC","83","Payload
"
(Encrypted), PKN: 8, CID: 1406842057463239
"522","233.536370","192.168.43.150","216.58.201.226","QUIC","80","Payload
"
(Encrypted), PKN: 9, CID: 1406842057463239
"523","233.539209","216.58.201.226","192.168.43.150","QUIC","699","Payload (Encrypted), PKN: 10"
"524","233.539640","216.58.201.226","192.168.43.150","QUIC","60","Payload (Encrypted), PKN: 11"
"525","233.540640","192.168.43.150","216.58.201.226","QUIC","86","Payload
1"
(Encrypted), PKN: 10, CID: 140684205746323
"526","233.546933","192.168.43.150","216.58.201.226","QUIC","108","Payload
51"
(Encrypted), PKN: 11, CID: 14068420574632
"527","233.639619","34.202.72.69","192.168.43.150","TCP","54","443 > 49743 [ACK] Seq=1146 Ack=4892 Win=209 Len=0"
"528","233.749344","216.58.201.226","192.168.43.150","QUIC","84","Payload (Encrypted), PKN: 12"
"529","233.757685","216.58.201.226","192.168.43.150","QUIC","223","Payload (Encrypted), PKN: 13"
"530","233.758092","216.58.201.226","192.168.43.150","QUIC","60","Payload (Encrypted), PKN: 14"
"531","233.758966","192.168.43.150","216.58.201.226","QUIC","83","Payload
1"
(Encrypted), PKN: 12, CID: 140684205746323
"532","235.711559","192.168.43.150","52.207.16.100","TLSv1.2","330","Application Data"
"533","236.169147","52.207.16.100","192.168.43.150","TLSv1.2","339","Application Data"
"534","236.169434","192.168.43.150","52.207.16.100","TCP","54","49674 > 443 [ACK] Seq=1657 Ack=1839 Win=252 Len=0
"535","236.327370","52.2.29.109","192.168.43.150","TCP","360","8888
06"
> 49666 [PSH, ACK] Seq=12394 Ack=325 Win=239 L
"536","236.327629","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=325 Ack=12700 Win=254 Len=0"
"537","237.435965","52.2.29.109","192.168.43.150","TCP","192","8888
38"
> 49666 [PSH, ACK] Seq=12700 Ack=325 Win=239 L
"538","237.436180","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=325 Ack=12838 Win=254 Len=0"
"539","238.705058","192.168.43.150","192.168.43.1","DNS","75","Standard query 0x4e93 A www.youtube.com"
"540","238.973217","192.168.43.150","54.87.171.148","TCP","55","[TCP
92 Len=1"
Keep-Alive] 49802 > 443 [ACK] Seq=0 Ack=2 Win=6
"541","238.986383","192.168.43.150","192.168.43.1","DNS","75","Standard query 0x4e93 A www.youtube.com"
"542","239.029317","192.168.43.1","192.168.43.150","DNS","125","Standard
outube-ui.l.google.com A 216.58.204.142"
query response 0x4e93 A www.youtube.com C
"543","239.102062","192.168.43.150","216.58.204.142","QUIC","1392","Client Hello, PKN: 1, CID: 3422724954754342164"
"544","239.103646","192.168.43.150","216.58.204.142","QUIC","1135","Payload
4"
(Encrypted), PKN: 2, CID: 34227249547543
"545","239.288806","54.87.171.148","192.168.43.150","TCP","54","443 > 49802 [RST] Seq=2 Win=0 Len=0"
"546","239.372660","216.58.204.142","192.168.43.150","QUIC","1392","Payload (Encrypted), PKN: 1"
"547","239.373756","216.58.204.142","192.168.43.150","QUIC","73","Payload (Encrypted), PKN: 2"
"548","239.375091","192.168.43.150","216.58.204.142","QUIC","83","Payload (Encrypted), PKN: 3, CID: 3422724954754342
"549","239.375517","192.168.43.150","216.58.204.142","QUIC","80","Payload (Encrypted), PKN: 4, CID: 3422724954754342
"550","239.398623","216.58.204.142","192.168.43.150","QUIC","69","Payload (Encrypted), PKN: 3"
"551","239.467926","216.58.204.142","192.168.43.150","QUIC","456","Payload (Encrypted), PKN: 4"
"552","239.494009","192.168.43.150","216.58.204.142","QUIC","80","Payload (Encrypted), PKN: 5, CID: 3422724954754342
"553","239.598659","216.58.204.142","192.168.43.150","QUIC","69","Payload (Encrypted), PKN: 5"
"554","239.704987","192.168.43.150","216.58.204.142","QUIC","178","Payload
"
(Encrypted), PKN: 6, CID: 342272495475434
"555","239.705330","192.168.43.150","216.58.204.142","QUIC","688","Payload
"
(Encrypted), PKN: 7, CID: 342272495475434
"556","239.794233","SamsungE_83:cd:36","HonHaiPr_46:4b:03","ARP","42","Who has 192.168.43.150? Tell 192.168.43.1"
"557","239.794281","HonHaiPr_46:4b:03","SamsungE_83:cd:36","ARP","42","192.168.43.150 is at 00:71:cc:46:4b:03"
"558","239.939663","216.58.204.142","192.168.43.150","QUIC","75","Payload (Encrypted), PKN: 6"
"559","240.079832","216.58.204.142","192.168.43.150","QUIC","69","Payload (Encrypted), PKN: 7"
"560","240.141174","216.58.204.142","192.168.43.150","QUIC","188","Payload (Encrypted), PKN: 8"
"561","240.167033","192.168.43.150","216.58.204.142","QUIC","86","Payload (Encrypted), PKN: 8, CID: 3422724954754342
"562","244.279584","192.168.43.150","111.221.29.108","TLSv1.2","171","Application Data"
"563","244.694956","192.168.43.150","52.2.29.109","TCP","90","49666
"
> 8888 [PSH, ACK] Seq=325 Ack=12838 Win=254 Le

"564","244.989661","52.2.29.109","192.168.43.150","TCP","86","8888
"
> 49666 [PSH, ACK] Seq=12838 Ack=361 Win=239 Le
"565","244.989767","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=361 Ack=12870 Win=254 Len=0"
"566","245.059094","192.168.43.150","111.221.29.108","TCP","171","[TCP
Ack=4457 Win=65536 Len=117"
Retransmission] 49808 > 443 [PSH, ACK] Seq=20
"567","245.640903","192.168.43.150","192.168.43.1","DNS","87","Standard query 0xbe9a A roaming.officeapps.live.com"
"568","245.887337","192.168.43.1","192.168.43.150","DNS","171","Standard
.com CNAME prod.roaming1.live.com.akadns.net CNAME europe.roaming1.live.com.akadns.net
query response 0xbe9a A roaming.officeapps.l
A 13.69.159.30"
"569","245.888390","192.168.43.150","13.69.159.30","TCP","66","49809
SACK_PERM=1"
> 443 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 W
"570","246.340807","13.69.159.30","192.168.43.150","TCP","66","443
400 WS=256 SACK_PERM=1"
> 49809 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 M
"571","246.340973","192.168.43.150","13.69.159.30","TCP","54","49809 > 443 [ACK] Seq=1 Ack=1 Win=65792 Len=0"
"572","246.342876","192.168.43.150","13.69.159.30","TLSv1.2","254","Client Hello"
"573","246.500213","192.168.43.150","111.221.29.108","TCP","171","[TCP
Ack=4457 Win=65536 Len=117"
Retransmission] 49808 > 443 [PSH, ACK] Seq=20
"574","246.673820","13.69.159.30","192.168.43.150","TCP","1454","443
TCP segment of a reassembled PDU]"
> 49809 [ACK] Seq=1 Ack=201 Win=131584 Len=1
"575","246.673938","192.168.43.150","13.69.159.30","TCP","54","49809 > 443 [ACK] Seq=201 Ack=1401 Win=65792 Len=0
"576","246.682347","13.69.159.30","192.168.43.150","TCP","1454","443
0 [TCP segment of a reassembled PDU]"
> 49809 [ACK] Seq=1401 Ack=201 Win=131584 Le
"577","246.682455","192.168.43.150","13.69.159.30","TCP","54","49809 > 443 [ACK] Seq=201 Ack=2801 Win=65792 Len=0
"578","246.690484","13.69.159.30","192.168.43.150","TCP","1454","443
0 [TCP segment of a reassembled PDU]"
> 49809 [ACK] Seq=2801 Ack=201 Win=131584 Le
"579","246.690606","192.168.43.150","13.69.159.30","TCP","54","49809 > 443 [ACK] Seq=201 Ack=4201 Win=65792 Len=0
"580","246.700194","13.69.159.30","192.168.43.150","TLSv1.2","1371","Server
er Key Exchange, Server Hello Done"
Hello, Certificate, Certificate Status, Serv
"581","246.700315","192.168.43.150","13.69.159.30","TCP","54","49809 > 443 [ACK] Seq=201 Ack=5518 Win=64256 Len=0
"582","246.741732","192.168.43.150","13.69.159.30","TLSv1.2","268","Client
andshake Message"
Key Exchange, Change Cipher Spec, Encrypted
"583","247.008996","13.69.159.30","192.168.43.150","TLSv1.2","161","Change Cipher Spec, Encrypted Handshake Message"
"584","247.009110","192.168.43.150","13.69.159.30","TCP","54","49809 > 443 [ACK] Seq=415 Ack=5625 Win=65792 Len=0
"585","247.009945","192.168.43.150","13.69.159.30","TLSv1.2","443","Application Data"
"586","247.010392","192.168.43.150","13.69.159.30","TCP","1454","49809
[TCP segment of a reassembled PDU]"
> 443 [ACK] Seq=804 Ack=5625 Win=65792 Len
"587","247.010403","192.168.43.150","13.69.159.30","TCP","1454","49809
0 [TCP segment of a reassembled PDU]"
> 443 [ACK] Seq=2204 Ack=5625 Win=65792 Le
"588","247.010409","192.168.43.150","13.69.159.30","TCP","1454","49809
0 [TCP segment of a reassembled PDU]"
> 443 [ACK] Seq=3604 Ack=5625 Win=65792 Le
"589","247.010420","192.168.43.150","13.69.159.30","TCP","1454","49809
0 [TCP segment of a reassembled PDU]"
> 443 [ACK] Seq=5004 Ack=5625 Win=65792 Le
"590","247.345480","13.69.159.30","192.168.43.150","TCP","54","443 > 49809 [ACK] Seq=5625 Ack=804 Win=130816 Len=
"591","247.417421","13.69.159.30","192.168.43.150","TCP","54","443 > 49809 [ACK] Seq=5625 Ack=2204 Win=131584 Len
"592","247.417508","192.168.43.150","13.69.159.30","TCP","1454","49809
0 [TCP segment of a reassembled PDU]"
> 443 [ACK] Seq=6404 Ack=5625 Win=65792 Le
"593","247.417521","192.168.43.150","13.69.159.30","TCP","1454","49809
0 [TCP segment of a reassembled PDU]"
> 443 [ACK] Seq=7804 Ack=5625 Win=65792 Le
"594","247.496705","13.69.159.30","192.168.43.150","TCP","54","443 > 49809 [ACK] Seq=5625 Ack=3604 Win=131584 Len
"595","247.496793","192.168.43.150","13.69.159.30","TCP","1454","49809
0 [TCP segment of a reassembled PDU]"
> 443 [ACK] Seq=9204 Ack=5625 Win=65792 Le
"596","247.496809","192.168.43.150","13.69.159.30","TCP","1454","49809
00 [TCP segment of a reassembled PDU]"
> 443 [ACK] Seq=10604 Ack=5625 Win=65792 L
"597","247.659555","13.69.159.30","192.168.43.150","TCP","54","443 > 49809 [ACK] Seq=5625 Ack=5004 Win=131584 Len
"598","247.659636","192.168.43.150","13.69.159.30","TCP","1454","49809
00 [TCP segment of a reassembled PDU]"
> 443 [ACK] Seq=12004 Ack=5625 Win=65792 L
"599","247.659647","192.168.43.150","13.69.159.30","TLSv1.2","835","Application Data"
"600","247.752822","13.69.159.30","192.168.43.150","TCP","54","443 > 49809 [ACK] Seq=5625 Ack=6404 Win=131584 Len
"601","247.845183","13.69.159.30","192.168.43.150","TCP","54","443 > 49809 [ACK] Seq=5625 Ack=7804 Win=131584 Len
"602","247.883292","192.168.43.150","216.58.201.226","QUIC","65","Payload
1"
(Encrypted), PKN: 13, CID: 140684205746323
"603","247.936711","13.69.159.30","192.168.43.150","TCP","54","443 > 49809 [ACK] Seq=5625 Ack=9204 Win=131584 Len
"604","248.026734","13.69.159.30","192.168.43.150","TCP","54","443 > 49809 [ACK] Seq=5625 Ack=10604 Win=131584 Le
"605","248.147763","13.69.159.30","192.168.43.150","TCP","54","443 > 49809 [ACK] Seq=5625 Ack=13404 Win=131584 Le
"606","248.160678","216.58.201.226","192.168.43.150","QUIC","72","Payload (Encrypted), PKN: 15"
"607","248.176210","13.69.159.30","192.168.43.150","TLSv1.2","139","Encrypted Handshake Message"
"608","248.176342","192.168.43.150","13.69.159.30","TCP","54","49809 > 443 [ACK] Seq=14185 Ack=5710 Win=65536 Len
"609","248.177010","192.168.43.150","13.69.159.30","TLSv1.2","331","Encrypted Handshake Message"
"610","248.536470","13.69.159.30","192.168.43.150","TCP","1454","443
400 [TCP segment of a reassembled PDU]"
> 49809 [ACK] Seq=5710 Ack=14462 Win=130304

"611","248.536768","192.168.43.150","13.69.159.30","TCP","54","49809 > 443 [ACK] Seq=14462 Ack=7110 Win=65792 Len
"612","248.538303","13.69.159.30","192.168.43.150","TCP","1454","443
400 [TCP segment of a reassembled PDU]"
> 49809 [ACK] Seq=7110 Ack=14462 Win=130304
"613","248.538479","192.168.43.150","13.69.159.30","TCP","54","49809 > 443 [ACK] Seq=14462 Ack=8510 Win=65792 Len
"614","248.548034","13.69.159.30","192.168.43.150","TCP","1454","443
400 [TCP segment of a reassembled PDU]"
> 49809 [ACK] Seq=8510 Ack=14462 Win=130304
"615","248.548281","192.168.43.150","13.69.159.30","TCP","54","49809 > 443 [ACK] Seq=14462 Ack=9910 Win=65792 Len
"616","248.555897","13.69.159.30","192.168.43.150","TCP","1454","443
400 [TCP segment of a reassembled PDU]"
> 49809 [ACK] Seq=9910 Ack=14462 Win=130304
"617","248.556143","192.168.43.150","13.69.159.30","TCP","54","49809 > 443 [ACK] Seq=14462 Ack=11310 Win=65792 Le
"618","248.556500","13.69.159.30","192.168.43.150","TLSv1.2","91","Encrypted Handshake Message"
"619","248.556718","192.168.43.150","13.69.159.30","TCP","54","49809 > 443 [ACK] Seq=14462 Ack=11347 Win=65536 Le
"620","248.761126","192.168.43.150","13.69.159.30","TLSv1.2","421","Encrypted
rypted Handshake Message"
Handshake Message, Change Cipher Spec,
"621","249.078805","13.69.159.30","192.168.43.150","TLSv1.2","240","Change Cipher Spec, Encrypted Handshake Message"
"622","249.079105","192.168.43.150","13.69.159.30","TCP","54","49809 > 443 [ACK] Seq=14829 Ack=11533 Win=65536 Le
"623","249.331709","13.69.159.30","192.168.43.150","TLSv1.2","1083","Application Data"
"624","249.331984","192.168.43.150","13.69.159.30","TCP","54","49809 > 443 [ACK] Seq=14829 Ack=12562 Win=64512 Le
"625","249.354168","192.168.43.150","13.69.159.30","TCP","54","49809
n=0"
> 443 [FIN, ACK] Seq=14829 Ack=12562 Win=6451
"626","249.380842","192.168.43.150","111.221.29.108","TCP","171","[TCP
Ack=4457 Win=65536 Len=117"
Retransmission] 49808 > 443 [PSH, ACK] Seq=20
"627","249.603897","13.69.159.30","192.168.43.150","TCP","54","443
en=0"
> 49809 [FIN, ACK] Seq=12562 Ack=14830 Win=1315
"628","249.604088","192.168.43.150","13.69.159.30","TCP","54","49809 > 443 [ACK] Seq=14830 Ack=12563 Win=64512 Le
"629","252.260909","192.168.43.150","111.221.29.108","TCP","171","[TCP
Ack=4457 Win=65536 Len=117"
Retransmission] 49808 > 443 [PSH, ACK] Seq=20
"630","255.141897","192.168.43.150","111.221.29.108","TCP","171","[TCP
Ack=4457 Win=65536 Len=117"
Retransmission] 49808 > 443 [PSH, ACK] Seq=20
"631","260.901995","192.168.43.150","111.221.29.108","TCP","171","[TCP
Ack=4457 Win=65536 Len=117"
Retransmission] 49808 > 443 [PSH, ACK] Seq=20
"632","270.696511","192.168.43.150","52.2.29.109","TCP","90","49666
"
> 8888 [PSH, ACK] Seq=361 Ack=12870 Win=254 Le
"633","271.387191","192.168.43.150","52.2.29.109","TCP","90","[TCP
=12870 Win=254 Len=36"
Retransmission] 49666 > 8888 [PSH, ACK] Seq=361 A
"634","272.417987","192.168.43.150","111.221.29.108","TCP","171","[TCP
Ack=4457 Win=65536 Len=117"
Retransmission] 49808 > 443 [PSH, ACK] Seq=20
"635","272.648252","192.168.43.150","52.2.29.109","TCP","90","[TCP
=12870 Win=254 Len=36"
Retransmission] 49666 > 8888 [PSH, ACK] Seq=361 A
"636","272.673240","52.2.29.109","192.168.43.150","TCP","86","8888
"
> 49666 [PSH, ACK] Seq=12870 Ack=397 Win=239 Le
"637","272.673535","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=397 Ack=12902 Win=254 Len=0"
"638","272.773196","52.2.29.109","192.168.43.150","TCP","66","[TCP
Win=239 Len=0 SLE=361 SRE=397"
Dup ACK 636#1] 8888 > 49666 [ACK] Seq=12902 Ack
"639","272.943697","52.2.29.109","192.168.43.150","TCP","66","[TCP
Win=239 Len=0 SLE=361 SRE=397"
Dup ACK 636#2] 8888 > 49666 [ACK] Seq=12902 Ack
"640","273.927373","52.207.16.100","192.168.43.150","TLSv1.2","86","Application Data"
"641","273.927639","192.168.43.150","52.207.16.100","TCP","54","49674 > 443 [ACK] Seq=1657 Ack=1871 Win=252 Len=0
"642","276.695995","192.168.43.150","52.207.16.100","TLSv1.2","330","Application Data"
"643","277.095282","52.207.16.100","192.168.43.150","TLSv1.2","339","Application Data"
"644","277.095576","192.168.43.150","52.207.16.100","TCP","54","49674 > 443 [ACK] Seq=1933 Ack=2156 Win=257 Len=0
"645","278.638262","192.168.43.150","34.202.72.69","TCP","55","[TCP
n=255 Len=1"
Keep-Alive] 49743 > 443 [ACK] Seq=4891 Ack=1146
"646","279.040816","34.202.72.69","192.168.43.150","TCP","66","[TCP
2 Win=209 Len=0 SLE=4891 SRE=4892"
Keep-Alive ACK] 443 > 49743 [ACK] Seq=1146 Ack=4
"647","283.766212","34.202.72.69","192.168.43.150","TLSv1.2","283","Application Data"
"648","283.766441","192.168.43.150","34.202.72.69","TCP","54","49743 > 443 [ACK] Seq=4892 Ack=1375 Win=254 Len=0"
"649","284.778932","192.168.43.150","34.202.72.69","TLSv1.2","1032","Application Data"
"650","285.071612","34.202.72.69","192.168.43.150","TCP","54","443 > 49743 [ACK] Seq=1375 Ack=5870 Win=216 Len=0"
"651","285.184027","192.168.43.150","17.252.76.72","TCP","107","49237 > 5223 [PSH, ACK] Seq=1 Ack=1 Win=255 Len=53
"652","285.410111","17.252.76.72","192.168.43.150","TCP","128","5223 > 49237 [PSH, ACK] Seq=1 Ack=54 Win=252 Len=7
"653","285.410226","192.168.43.150","17.252.76.72","TCP","54","49237 > 5223 [ACK] Seq=54 Ack=75 Win=255 Len=0"
"654","285.950009","52.2.29.109","192.168.43.150","TCP","204","8888
50"
> 49666 [PSH, ACK] Seq=12902 Ack=397 Win=239 L
"655","285.950263","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=397 Ack=13052 Win=253 Len=0"
"656","289.279622","192.168.43.150","111.221.29.108","TLSv1.2","171","Application Data"
"657","289.282300","192.168.43.150","111.221.29.108","TLSv1.2","139","Encrypted Alert"

"658","289.282678","192.168.43.150","111.221.29.108","TCP","54","49808
n=0"
> 443 [FIN, ACK] Seq=2385 Ack=4457 Win=6553
"659","292.965989","52.2.29.109","192.168.43.150","TCP","164","8888
10"
> 49666 [PSH, ACK] Seq=13052 Ack=397 Win=239 L
"660","292.966158","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=397 Ack=13162 Win=253 Len=0"
"661","294.705996","192.168.43.150","192.168.43.1","DNS","82","Standard query 0x99f8 A client.wns.windows.com"
"662","294.986785","192.168.43.150","192.168.43.1","DNS","82","Standard query 0x99f8 A client.wns.windows.com"
"663","295.024836","192.168.43.1","192.168.43.150","DNS","206","Standard
CNAME wns.notify.windows.com.akadns.net CNAME apac1.notify.windows.com.akadns.net
query response 0x99f8 A client.wns.windows.c
CNAME hk2.wns.noti
"664","295.026456","192.168.43.150","111.221.29.198","TCP","66","49810
6 SACK_PERM=1"
> 443 [SYN] Seq=0 Win=8192 Len=0 MSS=1460
"665","295.442224","111.221.29.198","192.168.43.150","TCP","66","443
=1400 WS=1 SACK_PERM=1"
> 49810 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0
"666","295.442720","192.168.43.150","111.221.29.198","TCP","54","49810 > 443 [ACK] Seq=1 Ack=1 Win=65792 Len=0"
"667","295.450660","192.168.43.150","111.221.29.198","TLSv1.2","244","Client Hello"
"668","295.456513","192.168.43.150","111.221.29.108","TCP","54","49808 > 443 [RST, ACK] Seq=2386 Ack=4457 Win=0 Le
"669","295.932277","111.221.29.198","192.168.43.150","TCP","1454","443
TCP segment of a reassembled PDU]"
> 49810 [ACK] Seq=1 Ack=191 Win=8002 Len=1
"670","295.932517","192.168.43.150","111.221.29.198","TCP","54","49810 > 443 [ACK] Seq=191 Ack=1401 Win=65792 Len
"671","295.932873","111.221.29.198","192.168.43.150","TCP","114","443
=60 [TCP segment of a reassembled PDU]"
> 49810 [PSH, ACK] Seq=1401 Ack=191 Win=800
"672","295.933044","192.168.43.150","111.221.29.198","TCP","54","49810 > 443 [ACK] Seq=191 Ack=1461 Win=65536 Len
"673","295.934029","111.221.29.198","192.168.43.150","TLSv1.2","681","Server
rver Hello Done"
Hello, Certificate, Server Key Exchange, Se
"674","295.934223","192.168.43.150","111.221.29.198","TCP","54","49810 > 443 [ACK] Seq=191 Ack=2088 Win=65024 Len
"675","295.999079","192.168.43.150","111.221.29.198","TLSv1.2","236","Client
Handshake Message"
Key Exchange, Change Cipher Spec, Encrypte
"676","296.406875","111.221.29.198","192.168.43.150","TLSv1.2","161","Change Cipher Spec, Encrypted Handshake Messag
"677","296.407099","192.168.43.150","111.221.29.198","TCP","54","49810 > 443 [ACK] Seq=373 Ack=2195 Win=64768 Len
"678","296.413006","192.168.43.150","111.221.29.198","TLSv1.2","379","Application Data"
"679","296.413509","192.168.43.150","111.221.29.198","TLSv1.2","1179","Application Data"
"680","296.413853","192.168.43.150","111.221.29.198","TLSv1.2","171","Application Data"
"681","296.815515","111.221.29.198","192.168.43.150","TLSv1.2","331","Application Data"
"682","296.815813","192.168.43.150","111.221.29.198","TCP","54","49810 > 443 [ACK] Seq=1940 Ack=2472 Win=64512 Le
"683","296.816177","111.221.29.198","192.168.43.150","TCP","54","443
0"
> 49810 [FIN, ACK] Seq=2472 Ack=698 Win=7495
"684","296.816460","192.168.43.150","111.221.29.198","TCP","54","49810 > 443 [ACK] Seq=1940 Ack=2473 Win=64512 Le
"685","296.817986","192.168.43.150","111.221.29.198","TLSv1.2","139","Encrypted Alert"
"686","296.818428","192.168.43.150","111.221.29.198","TCP","54","49810
n=0"
> 443 [FIN, ACK] Seq=2025 Ack=2473 Win=6451
"687","296.819594","111.221.29.198","192.168.43.150","TCP","54","443 > 49810 [ACK] Seq=2473 Ack=1823 Win=8192 Len
"688","296.821509","192.168.43.150","192.168.43.1","DNS","91","Standard query 0x8db1 A HK2SCH130021235.wns.window
"689","296.831540","111.221.29.198","192.168.43.150","TCP","54","443 > 49810 [ACK] Seq=2473 Ack=1940 Win=8075 Len
"690","297.063715","192.168.43.1","192.168.43.150","DNS","107","Standard
dows.com A 111.221.29.112"
query response 0x8db1 A HK2SCH130021235.w
"691","297.066087","192.168.43.150","111.221.29.112","TCP","66","49811
6 SACK_PERM=1"
> 443 [SYN] Seq=0 Win=8192 Len=0 MSS=1460
"692","297.421341","111.221.29.198","192.168.43.150","TCP","54","[TCP
40 Win=8075 Len=0"
Dup ACK 689#1] 443 > 49810 [ACK] Seq=2473 Ac
"693","297.421472","111.221.29.198","192.168.43.150","TCP","54","443 > 49810 [ACK] Seq=2473 Ack=2026 Win=7990 Len
"694","297.638642","111.221.29.112","192.168.43.150","TCP","66","443
=1400 WS=1 SACK_PERM=1"
> 49811 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0
"695","297.638894","192.168.43.150","111.221.29.112","TCP","54","49811 > 443 [ACK] Seq=1 Ack=1 Win=65792 Len=0"
"696","297.641997","192.168.43.150","111.221.29.112","TLSv1.2","253","Client Hello"
"697","297.697395","192.168.43.150","52.2.29.109","TCP","90","49666
"
> 8888 [PSH, ACK] Seq=397 Ack=13162 Win=253 Le
"698","297.990672","52.2.29.109","192.168.43.150","TCP","54","8888 > 49666 [ACK] Seq=13162 Ack=433 Win=239 Len=0"
"699","297.990910","52.2.29.109","192.168.43.150","TCP","86","8888
"
> 49666 [PSH, ACK] Seq=13162 Ack=433 Win=239 Le
"700","297.991161","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=433 Ack=13194 Win=252 Len=0"
"701","298.062412","111.221.29.112","192.168.43.150","TCP","1454","443
TCP segment of a reassembled PDU]"
> 49811 [ACK] Seq=1 Ack=200 Win=7993 Len=1
"702","298.062654","192.168.43.150","111.221.29.112","TCP","54","49811 > 443 [ACK] Seq=200 Ack=1401 Win=65792 Len
"703","298.063024","111.221.29.112","192.168.43.150","TCP","114","443
=60 [TCP segment of a reassembled PDU]"
> 49811 [PSH, ACK] Seq=1401 Ack=200 Win=799
"704","298.063194","192.168.43.150","111.221.29.112","TCP","54","49811 > 443 [ACK] Seq=200 Ack=1461 Win=65536 Len

"705","298.090832","111.221.29.112","192.168.43.150","TCP","1454","443
0 [TCP segment of a reassembled PDU]"
> 49811 [ACK] Seq=1461 Ack=200 Win=7993 Le
"706","298.091048","192.168.43.150","111.221.29.112","TCP","54","49811 > 443 [ACK] Seq=200 Ack=2861 Win=65792 Len
"707","298.092345","111.221.29.112","192.168.43.150","TCP","114","443
=60 [TCP segment of a reassembled PDU]"
> 49811 [PSH, ACK] Seq=2861 Ack=200 Win=799
"708","298.092551","192.168.43.150","111.221.29.112","TCP","54","49811 > 443 [ACK] Seq=200 Ack=2921 Win=65536 Len
"709","298.092792","111.221.29.112","192.168.43.150","TLSv1.2","642","Server
rver Hello Done"
Hello, Certificate, Server Key Exchange, Se
"710","298.092973","192.168.43.150","111.221.29.112","TCP","54","49811 > 443 [ACK] Seq=200 Ack=3509 Win=65024 Len
"711","298.159160","192.168.43.150","111.221.29.112","TLSv1.2","236","Client
Handshake Message"
Key Exchange, Change Cipher Spec, Encrypte
"712","298.499011","192.168.43.150","239.255.255.250","SSDP","216","M-SEARCH * HTTP/1.1 "
"713","298.658246","111.221.29.112","192.168.43.150","TLSv1.2","161","Change Cipher Spec, Encrypted Handshake Messag
"714","298.658550","192.168.43.150","111.221.29.112","TCP","54","49811 > 443 [ACK] Seq=382 Ack=3616 Win=65024 Len
"715","298.668103","192.168.43.150","111.221.29.112","TLSv1.2","379","Application Data"
"716","298.668738","192.168.43.150","111.221.29.112","TLSv1.2","1179","Application Data"
"717","298.669205","192.168.43.150","111.221.29.112","TLSv1.2","171","Application Data"
"718","299.138172","111.221.29.112","192.168.43.150","TLSv1.2","347","Application Data"
"719","299.138353","192.168.43.150","111.221.29.112","TCP","54","49811 > 443 [ACK] Seq=1949 Ack=3909 Win=64512 Le
"720","299.138668","111.221.29.112","192.168.43.150","TCP","54","443 > 49811 [ACK] Seq=3909 Ack=1949 Win=8192 Len
"721","299.146496","111.221.29.112","192.168.43.150","TLSv1.2","171","Application Data"
"722","299.146648","192.168.43.150","111.221.29.112","TCP","54","49811 > 443 [ACK] Seq=1949 Ack=4026 Win=64512 Le
"723","299.146989","111.221.29.112","192.168.43.150","TLSv1.2","235","Application Data"
"724","299.147112","192.168.43.150","111.221.29.112","TCP","54","49811 > 443 [ACK] Seq=1949 Ack=4207 Win=64256 Le
"725","299.147250","111.221.29.112","192.168.43.150","TLSv1.2","171","Application Data"
"726","299.147336","192.168.43.150","111.221.29.112","TCP","54","49811 > 443 [ACK] Seq=1949 Ack=4324 Win=65792 Le
"727","299.147941","192.168.43.150","111.221.29.112","TLSv1.2","171","Application Data"
"728","299.499616","192.168.43.150","239.255.255.250","SSDP","216","M-SEARCH * HTTP/1.1 "
"729","299.629155","111.221.29.112","192.168.43.150","TLSv1.2","187","Application Data"
"730","299.629461","192.168.43.150","111.221.29.112","TCP","54","49811 > 443 [ACK] Seq=2066 Ack=4457 Win=65536 Le
"731","300.499993","192.168.43.150","239.255.255.250","SSDP","216","M-SEARCH * HTTP/1.1 "
"732","301.500567","192.168.43.150","239.255.255.250","SSDP","216","M-SEARCH * HTTP/1.1 "
"733","302.551681","52.2.29.109","192.168.43.150","TCP","164","8888
10"
> 49666 [PSH, ACK] Seq=13194 Ack=433 Win=239 L
"734","302.551855","192.168.43.150","52.2.29.109","TCP","54","49666 > 8888 [ACK] Seq=433 Ack=13304 Win=252 Len=0"
"735","311.740022","52.2.29.109","192.168.43.150","TCP","192","8888
38"
> 49666 [PSH, ACK] Seq=13304 Ack=433 Win=239 L
"736","311.740183","192.168.43.150","52.2.29.109","TCP"...


Anonymous
Super useful! Studypool never disappoints.

Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4

Similar Content

Related Tags